Permissions can depend on:
Group Access
Some data can be shared either globally or with the members of the user's access control group:
- Global: Shared with all users in the organization.
- Group: Visible only to users in a particular access control group.
Ownership
Some items (folders, company notes, finding comments, collaboration messages, and user API tokens) are owned by the user who created them. In the tables below, "Yes if Owned" means the action is allowed only on items the user owns.
Permissions
- Access Control Groups
- Account
- Alerts
- API
- Bitsight Badge
- Bitsight for 4th Party
- Collaboration
- Company Relationships
- Company Requests
- Financial Quantification
- Folders
- SAML
- Subscriptions
- Tiers
- Infrastructure
- Remediation & Mitigation
  - Bitsight Work From Home
  - Company Notes
  - Exposed Credentials Download
  - Finding Comments
  - Issue Tracking
- Underwriting Guidelines
- User Management
Access Control Groups
Access Control Groups allow subsets of portfolio companies to be grouped together and users to be assigned access to them. The users will have the ability to see and monitor only the subset of companies.
Action | Admin | Group Admin | Portfolio Manager | User |
---|---|---|---|---|
| ✓ | ❌ | ❌ | ❌ |
| ✓ | Group Access | Group Access | ❌ |
Account
Action | Admin | Group Admin | Portfolio Manager | User |
---|---|---|---|---|
Implement 2-factor authentication (2FA): | Implement for your own account. | Implement for your own account. | Implement for your own account. | Implement for your own account. |
Generate a Platform Usage report: | ✓ | ✓ | ✓ | ❌ |
Require users to implement 2FA: | ✓ | ❌ | ❌ | ❌ |
Reset a user's 2FA so they can re-enroll: | ✓ | ❌ | ❌ | ❌ |
Alerts
Alerts automate how changes that occur in your portfolio are monitored, including changes to ratings, changes to risk vector grades, and more.
Action | Admin | Group Admin | Portfolio Manager | User |
---|---|---|---|---|
Set up the company-wide email distribution list: | ✓ | ❌ | ❌ | ❌ |
Set your alert settings; enable or disable alerts for yourself: | ✓ | ✓ | ✓ | ✓ |
API
The Bitsight API and the Bitsight VRM API allow developers to integrate Bitsight data into their existing systems. Learn more about token types.
Action | Admin | Group Admin | Portfolio Manager | User |
---|---|---|---|---|
Generate and manage company API tokens: | ✓ | ❌ | ❌ | ❌ |
Generate and manage user API tokens: | Yes if Owned | Yes if Owned | Yes if Owned | Yes if Owned |
Bitsight Badge
Action | Admin | Group Admin | Portfolio Manager | User |
---|---|---|---|---|
Configure Bitsight Badge: | ✓ | ❌ | ❌ | ❌ |
Enable/Disable Bitsight Badge: | ✓ | ❌ | ❌ | ❌ |
Bitsight for 4th Party
- Only your organization can define your own 4th party relationships.
- Your added service providers are only visible to your organization.
Collaboration
The Client/Vendor Access Program allows you to collaborate with other companies, such as helping a third party improve their Bitsight Security Rating, by extending an invitation to allow access to the Bitsight platform.
Action | Admin | Group Admin | Portfolio Manager | User |
---|---|---|---|---|
Add new contact information for portfolio companies via the Bitsight API: | ✓ | Group Access | ❌ | ❌ |
Edit or delete collaboration messages: | Yes if Owned | Yes if Owned | Yes if Owned | Yes if Owned |
Invite a company to collaborate (you must be subscribed to the recipient organization): | ✓ | ✓ | ✓ | ✓ |
Generate a registration page for clients to sign up for the Client/Vendor Access Program: | ✓ | ❌ | ❌ | ❌ |
View invitations and collaboration progress: | ✓ | Group Access | Group Access | Group Access |
Company Relationships
Company relationships streamline the onboarding workflow by applying the appropriate level of due diligence to a company while it is being evaluated during onboarding.
Action | Admin | Group Admin | Portfolio Manager | User |
---|---|---|---|---|
Define your organization’s company relationship with another company: | ✓ | Group Access | Group Access | ❌ |
Company Requests
Submit a company request to add an entity to the Bitsight inventory.
Action | Admin | Group Admin | Portfolio Manager | User |
---|---|---|---|---|
Submit company requests: | ✓ | ✓ | ✓ | ✓ |
Submit company requests in bulk (Multiple Request): | ✓ | ✓ | ✓ | ❌ |
Financial Quantification
Action | Admin | Group Admin | Portfolio Manager | User |
---|---|---|---|---|
Enable Financial Quantification: | ✓ | ✓ | ❌ | ❌ |
Run a quantification: | ✓ | ✓ | If Enabled | If Enabled |
Select companies for quantification: | ✓ | ❌ | ❌ | ❌ |
View results: | ✓ | ✓ | If Enabled | If Enabled |
Folders
Folders can be used to organize your portfolio to better understand the security performance of certain groups of companies, such as IT vendors and companies in your organization.
Action | Admin | Group Admin | Portfolio Manager | User |
---|---|---|---|---|
Be assigned as a folder owner: | ✓ | ✓ | ✓ | ✓ |
Create a folder: | ✓ | ✓ | ✓ | ✓ |
Delete a folder: | Yes if Owned | Yes if Owned | Yes if Owned | Yes if Owned |
Modify companies in a folder: | Yes if Owned | Yes if Owned | Yes if Owned | Yes if Owned |
Admins can share folders with any user; other user types can only share folders within their own group.
SAML
Security Assertion Markup Language (SAML) is an XML-based framework developed by the Organization for the Advancement of Structured Information Standards (OASIS). It is used to exchange authentication and authorization data securely between parties, such as an identity provider and a service provider.
Action | Admin | Group Admin | Portfolio Manager | User |
---|---|---|---|---|
Configure SAML: | ✓ | ❌ | ❌ | ❌ |
Subscriptions
- Admin can modify all subscriptions, and Group Admin can modify subscriptions for their group. This includes the following actions:
  - Subscribe to a company.
  - Switch from one subscription to another.
  - Remove a company from your portfolio.
  - Resubscribe to an expired subscription.
- Admin can view all subscription data, and Group Admin can view subscription data for their group.
Tiers
Tiers are used in the Portfolio Risk Matrix to prioritize companies in your portfolio based on their criticality to your organization and their security risk.
Action | Admin | Group Admin | Portfolio Manager | User |
---|---|---|---|---|
Add, edit, and remove tiers: | ✓ | Group Access | Group Access | ❌ |
Modify companies in a tier: | ✓ | Group Access | Group Access | ❌ |
Set risk thresholds: | ✓ | Group Access | Group Access | ❌ |
View tiers in the Portfolio Risk Matrix: | ✓ | Group Access | Group Access | Group Access |
Infrastructure
Action | Admin | Group Admin | Portfolio Manager | User |
---|---|---|---|---|
Add assets to your infrastructure: | ✓ | ✓ | ❌ | ❌ |
Create a self-published rating: | ✓ | ❌ | ❌ | ❌ |
Highlight which self-published company is the primary: | ✓ | ❌ | ❌ | ❌ |
Remediation & Mitigation
Action | Admin | Group Admin | Portfolio Manager | User |
---|---|---|---|---|
Bitsight Work From Home: | ✓ | ❌ | ❌ | ❌ |
Company Notes – Edit or delete notes: | ✓ | ✓ | Yes if Owned | Yes if Owned |
Exposed Credentials – Export and download data for your organization: | ✓ | ✓ | ❌ | ❌ |
Finding Comments – Edit or delete comments: | ✓ | ✓ | Yes if Owned | Yes if Owned |
| ✓ | ❌ | ❌ | ❌ |
Issue Tracking – View and assign users to remediate a finding: | ✓ | Group Access | Group Access | Group Access |
Underwriting Guidelines
Underwriting guidelines let you set the minimum acceptable grade for each risk vector; those minimums are then compared against a company's risk vector grades.
Action | Admin | Group Admin | Portfolio Manager | User |
---|---|---|---|---|
Edit guidelines: | ✓ | ❌ | ❌ | ❌ |
View guidelines: | ✓ | ✓ | ✓ | ✓ |
User Management
The Users tab allows you to manage users of the Bitsight platform within your organization. If all administrators left the company, please contact Bitsight Support.
Action | Admin | Group Admin | Portfolio Manager | User |
---|---|---|---|---|
Activity log: | ✓ | ❌ | ❌ | ❌ |
Assign user roles: | Any role to any user. | Assign users in the group as a User, Portfolio Manager, or Group Admin. | ❌ | ❌ |
Assign users as a collaboration contact to receive incoming Client/Vendor Access Program invitations: | ✓ | Assign users in the group. | ❌ | ❌ |
Assign users as a subscription contact when other users request to add companies to your portfolio: | ✓ | Assign users in the group. | ❌ | ❌ |
Assign users to an Access Control Group: | ✓ | ❌ | ❌ | ❌ |
Be assigned as a collaboration contact to receive incoming Client/Vendor Access Program invitations: | ✓ | ✓ | ✓ | ✓ |
Be assigned as a subscription contact when users request to add a company to the portfolio: | ✓ | Be assigned for the group. | Be assigned for the group. | ❌ |
Edit user information: | ✓ | Edit users in the group. | ❌ | ❌ |
Example: Bitsight Work From Home | ✓ | Enable for users in the group. | ❌ | ❌ |
| ✓ | ✓ | ❌ | ❌ |
- August 19, 2024: Bitsight VRM API permissions.
- May 6, 2024: Enable Access Program renamed to Client/Vendor Access Program.
- December 14, 2023: Activity log.