Best practices for permissions management
INFO
In order to use this part of the system you need to be a super admin. To get more oinformations abut how to manage super admins ins RevasOS you can read the manage super admins guide.
This page contains best practices to adopt when assigning roles and permissions to employees. It was designed by experts for experts, so if you are just starting to use the roles and permissions functions consider reading the dedicated guides in this documentation first.
Apply minimun-level privileges
Basic roles are the easiest and quickest to configure but allow ample power of use to collaborators to the entire RevasOS system, if you are an advanced user consider using these roles as little as possible and instead use only the system's default roles.
Basic roles are particularly suitable when the organization has a few employees (up to about 10), while a more granular control system is recommended in larger organizations (over 10 employees).
If a collaborator appears not to need access to certain functions, the corresponding role should be removed from the collaborator. The same assessment is applied if an entire team does not appear to need access to certain functions. Access can always be restored after removal.
Grant roles to teams instead of single collaborators
Assign roles to defined teams instead of individual collaborators whenever possible. It is much easier to add or remove collaborators from a team than to reevaluate from time to time the roles that need to be assigned to a collaborator, thereby changing the access policy.
Create teams that accurately describe the activities actually performed within the organization by assigning each team the correct roles and permissions. For example, if there are collaborators who perform marketing activities, create a "Marketing" team and assign the team the roles to manage the website or blogs, but not the billing or other insignificant ones.
If some contributors to a team appear not to be using all the functions available to a team, an assessment of whether the team appropriately describes the group of contributors is appropriate. Multiple teams can be created to organize more extensively, but it may also be appropriate to keep the number of teams small to avoid overcomplicating the organization.