- Data import from Active Directory or an ERP system
- ADFS - Active Directory Federation Services
- Manually by Orbit Online developers
- Set by customer Admin users directly in Orbit
All of the above-mentioned methods require appropriate verification procedures that are adapted to the circumstances in which they are deployed.
Before a data import can assign roles to users, the customer must ensure that the users who can affect a change in the data export end do not have fewer permissions on the data import end. Similarly, the customer must ensure restricted access to any system that may affect what roles an ADFS server instructs Orbit to entrust a given user with.
With regards to manually assigning roles, Orbit Online developers never perform any assignments without explicit written instructions to do so by previously agreed upon employees of the customer.
Orbit also provides the ability to enable users to assign privileges to other users through their profile. In these circumstances, Orbit Online makes sure that no combination of the assigned rights allows any user to elevate the permissions to a level beyond the ones currently assigned.