How Role-Based Access Control Keeps File Transfers Secure


In just 3 years, from 2019 to 2022, spending in the cybersecurity industry nearly doubled, increasing from 40.8 billion USD to 71.1 billion USD, according to statista.com. This is encouraging for anyone working in cybersecurity since organizations have put their money where their mouth is and prioritized cybersecurity. Unfortunately, simply spending more money on security software is not enough.

An important piece of the puzzle is access controls—specifically, what software or entities should users be able to access? That’s where role-based access controls come in.

What is role-based access control (RBAC)?

Role-based access control (RBAC) is closely related to the principle of least privilege (PoLP). This cybersecurity principle states that users should have the bare minimum of access and privileges needed to do their specific job. When role-based access controls are in place, users—whether external or internal—only have permission to access, perform actions or administer in specific areas of a company’s digital infrastructure.

In practice, RBAC could look like this breakdown of roles with example access points:

Role Access Examples
Customer
  • Support portal
  • Document or software repository
Finance
  • Payroll software
  • Financial management tools
Human Resources
  • Resume and application repository
  • Timesheet and attendance tracking software
  • Benefits management software
Marketing
  • Company social media accounts
  • Website content management system (CMS)
  • Email marketing services
Partner
  • Inventory software or portal
  • Payment or billing system
Sales
  • Customer relationship management (CRM) software
  • Scheduling software
  • Video conferencing and recording tools
Software Engineering
  • Cloud environments
  • Software development tools

What are the benefits of role-based access control?

The biggest benefit of RBAC is stronger security of the company’s data. Because each account has limited access to specific applications, environments or corporate entities, a hacked or compromised account (or simply a disgruntled employee) can do less damage to a company, its employees, its customers and its reputation. If a cybercriminal gains access to an account with RBAC in place, the damage they can do is limited to the specific entities it can access and not the entire infrastructure of the company.

Other benefits of adopting RBAC include:

  • Improved compliance with industry standards and regulations regarding the privacy and confidentiality of data.
  • Lower costs for software or tools that charge by usage or number of users.
  • Less redundancy and interference between employees and teams from different departments.
  • Fewer mistakes, since employees can only access what they were trained to use.
  • Employees stay focused on the tasks they were hired for.

How does role-based access control work in Thru?

Thru is a cloud managed file transfer (MFT) solution that includes RBAC as part of its security posture. Administrators are able to control access based on a user’s role, which is configured in the GUI admin section or via APIs.

Automated File Transfer Roles

In our automated file transfer admin portal, we initially implemented four user roles:

  • Instance Admin: Given access to all features and settings, including the ability to create and manage users.
  • Instance User: Given access to all features and settings, except for the ability to create and manage users. Additionally, they cannot change instance-wide settings.
  • Org User: Requires association with at least one organization. Access and functionality are limited to reading that organization’s configuration data and uploading/downloading files to the associated organization’s flow endpoints.
  • Org Transfer: Requires association with at least one organization. Access and functionality are even more limited than an Org User’s.

screenshot of admin user properties interface

System Roles and Granular Permissions

Additional system roles are now available. The roles for a user can be specified by clicking on one of the role templates or selecting relevant roles from the dropdown list. See our two examples below:

cropped screenshot showing portion of available roles in dropdown
cropped screenshot showing portion of available roles in dropdown with file upload and file download

Furthermore, admins can create new roles by assigning desired permissions from the available list. For example, in the screenshot below, a custom role named Monitoring Role was created:
screenshot showing portion of available roles in dropdown including new created custom role

The custom roles are then available for selection in the User Properties screen. Note in the following screenshot example that the newly created Monitoring Role is now available in the dropdown.

For more information, see our user guide about Granular Permissions »

cropped screenshot showing portion of available roles in dropdown
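The two ideas above, fixed role templates with an organization association and custom roles composed from granular permissions, are easy to get subtly wrong, so here is a small policy check that models them. This is an added example, not Thru’s code: the permission names, the exact Org Transfer permission set and the contents of the Monitoring Role are assumptions for illustration.

```python
from dataclasses import dataclass

# Granular permissions (names assumed for illustration, not Thru's own)
MANAGE_USERS = "manage_users"
CHANGE_INSTANCE_SETTINGS = "change_instance_settings"
READ_ORG_CONFIG = "read_org_config"
UPLOAD, DOWNLOAD = "upload", "download"
VIEW_MONITORING = "view_monitoring"
ALL_PERMISSIONS = {MANAGE_USERS, CHANGE_INSTANCE_SETTINGS, READ_ORG_CONFIG,
                   UPLOAD, DOWNLOAD, VIEW_MONITORING}

# role name -> (permissions, org_scoped). Org-scoped roles only act inside an
# organization the user is associated with, as Org User and Org Transfer do.
ROLES = {
    "Instance Admin": (set(ALL_PERMISSIONS), False),
    "Instance User": (ALL_PERMISSIONS - {MANAGE_USERS, CHANGE_INSTANCE_SETTINGS}, False),
    "Org User": ({READ_ORG_CONFIG, UPLOAD, DOWNLOAD}, True),
    "Org Transfer": ({UPLOAD, DOWNLOAD}, True),  # assumed: transfers only
}

def define_role(name, permissions, org_scoped=False):
    """Admin-created custom role built from the available permission list."""
    unknown = set(permissions) - ALL_PERMISSIONS
    if unknown:
        raise ValueError(f"unknown permissions: {sorted(unknown)}")
    ROLES[name] = (set(permissions), org_scoped)

@dataclass(frozen=True)
class User:
    name: str
    roles: frozenset
    orgs: frozenset = frozenset()  # associated organizations

    def __post_init__(self):
        # Org-scoped roles require association with at least one organization.
        if any(ROLES[r][1] for r in self.roles) and not self.orgs:
            raise ValueError(f"{self.name}: org-scoped role needs an organization")

def is_allowed(user, permission, org=None):
    """Deny by default: some role must grant the action, and an org-scoped
    role grants it only for an organization the user is associated with."""
    for role in user.roles:
        perms, org_scoped = ROLES[role]
        if permission in perms and (not org_scoped or org in user.orgs):
            return True
    return False

define_role("Monitoring Role", {VIEW_MONITORING})  # custom role from the page
admin = User("alice", frozenset({"Instance Admin"}))
org_user = User("bob", frozenset({"Org User"}), frozenset({"acme"}))
monitor = User("carol", frozenset({"Monitoring Role"}))
```

The point to notice is the second condition in `is_allowed`: an Org User holding the upload permission is still denied for an organization they are not associated with, which a permission-only check would miss.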

Ad Hoc File Sharing Roles

In our file sharing portal, administrators likewise choose from four roles:

  • Administrators have all privileges on the site and can maintain it.
  • Managers can manage users but do not have permission to change the site options.
  • Partner Managers can access the administration portal and manage users within the same domain.
  • Members can only access their own individual home folder and cannot navigate to the administration options.

screenshot of adding a user to a thru portal for file sharing

Group Permissions in Ad Hoc File Sharing Portal

Numerous default (built-in) groups are available to manage different parts of the Thru file sharing system. Administrators can give a user additional capabilities and limitations by assigning them to any of these groups. New groups, such as a Sales group for all sales representatives, can be added, with their roles and capabilities defined by the admin.

screenshot of built-in groups in file sharing

Beyond RBAC: Thru’s Zero Trust Security Strategy

Role-based access controls help prevent unauthorized users from modifying endpoints or accessing data in Thru’s cloud MFT service. However, Thru doesn’t stop there. We incorporate multiple levels of security—cloud infrastructure security, application security and data security—so your files are always protected.

Learn about the additional measures Thru takes to ensure data security by going to our secure file transfer page »

[Note: This blog was first published on October 27, 2021, and continues to be updated to align with current product offerings.]
