Skip to Content
GuideUsersAccess Control

Role Based Access Control

Role Based Access Control (RBAC) allows you to restrict what your account users have access to.

Configuration Options

TensorCase offers the ability to modify permissions for the following actions:

General Permissions

Users:

  1. Can access and modify billing information and preferences. Only users with this enabled can view billing information.
  2. Can create new investigations. Users who create investigations can also view and edit them by default.
  3. Can delete investigations and their associated data assuming the user already has access.
  4. Can modify the Access Group permissions and membership of other users.

Investigation Access Permissions

Investigation Access permissions allow you to control which investigations users can access for modification and editting. You can choose from:

  1. All: user has access to all investigations
  2. Filter By: user has access to investigations based on a filter condition. TensorCase supports the following filters and matches if at least one is true:
  • Filter by Primary Issue Type across allegations within an investigation
  • Filter by Additional Issue Type across allegations within an investigation
  • Integration Source: matches the source the investigation case came from, e.g. Intake Form
  1. Assigned: user only has access to investigations they are explicitly assigned to.

Access Groups

You can group together users with the same permissions through Access Groups. All users must belong to at least one access group. If a user belongs to more than 1 access group, then they are allowed to execute an action if at least 1 access group gives them permission for that action.

By default, your account will contain an Admin Access Group with full account access. We recommended minimizing the number of users with Admin access by creating additional Access Groups with limited access and assigning your account users to these groups. In general, it’s best to follow the principle of least privilege.

Create or Edit Access Groups

In order to create a new access group, visit the Users page (via Users on left-side navbar) > Permissions tab.

Click + Access Group and give your new access group a unique name.

Access Groups

After the Access Group is created, click the unlock button to unlock the Access Group for editing. Modify the permissions as needed and then click Save to save your changes.

Set Access Group for Users

In order to add or remove users to a particular Access Group, visit the Users page (via Users on left-side navbar)

Users tab. Click the Permissions cell for the user you want to modify and select the Access Group(s) you want the user to belong to.

Assign Investigation to User

You can explicitly assign investigation access to users as needed. Note: this is required for users that have the Assigned permission for investigation access.

In order to do so, visit the Investigation you want to grant access to. Click the ... options button next to the investigation name and select Share Case.

Share Case

The popup shows all the Access Groups and individuals that have access to an investigation case. You can explicitly assign investigation access to a user by click the + Assign User button and selecting the user you want to grant access to.

Do you have a feature request for more RBAC configuration options? Please contact support@tensorcase.com. We want to hear from you!

MFA (2FA)Multiple Organizations