Add default 'Security Admin' and 'Data Admin' roles to support formal segregation of duties
Many enterprise customers have security policies require different administrative roles to support segregation of duties. Today, when we encounter these, we need to build them from scratch and manage them at the model level.
I propose that in addition to 'Workspace Administrator'', we also have 'Security Admin' and 'Data Admin' designations.
Security Admin would have admin access to 'Users' in order to support user maintenance and the assignment of users to model roles. If an additional capacity of tagging models as 'security models' could be created then this role would also have the ability to view any security logic deployed.
Data Admin would have the combined ability to execute Processes and Actions and to view all data in a workspace. They would not have access to security components nor would they be able to change models or Actions.
Get Started with Idea Exchange
See our Submission Guidelines and Idea Evaluation Criteria, then start posting your own ideas and showing support for others!