IntelliSurvey is committed to following and setting the best industry practices for securing surveys and survey data. We believe strongly that surveys, survey data, and survey respondent information should be available only to those who absolutely need to see it; that the data remain available at all times; and that any changes to a survey or its data be recorded and auditable.
To achieve these goals, IntelliSurvey implements a robust system of user roles to limit users' ability to access and modify information, as well as a secure administrative log and audit tools. We make it easy to follow the principle of least privilege; that is, limiting user access to the minimum necessary to meet their needs.
IntelliSurvey users
An IntelliSurvey user can log in to perform a set of privileged actions in the IntelliSurvey platform. A user has roles that grant access to necessary features and data. Every user has a system role that identifies what sort of system-wide actions they may take on a particular server (use the software, create a survey, manage users or system resources, etc.). They may also have various survey roles that grant access to specific surveys, where the user's roles (and rights) could differ for each survey.
The quick guide to user security
Users gain permission to perform an action or see data through roles. Each role consists of a collection of rights.
A right is the permission to perform a specific action. There are two types of rights:
- A system right grants permission to do a system-wide action on a specific server: use the software, create a survey, manage users, view themes, etc.
- A survey right grants permission to perform an action on a specific survey: view this survey, edit this survey, manage user security for this survey, etc.
A role is a bundle of rights and a handy way to identify classes of users. Like rights, there are two types of roles:
- A system role defines what a user can do to the overall system.
- A survey role defines what a user can do to a specific survey.
A user has roles. Every user has:
- One system role
- One or more, survey role(s) for each survey they belong to
Keep in mind some rights may supersede others. For example, the System Administrator system role grants the "manage all surveys" system right to that user. So, a user with that right can view and manage all surveys, even if they don't have the Manager survey role and "manage survey" right for a specific survey.
Next steps
We suggest you read User accounts administration for more information on how to add or manage system users and Survey permissions for more information on how to add or manage users for a particular survey.
Comments
0 comments
Please sign in to leave a comment.