My company is in the beginning phases of building recipes within Docebo Connect. One thing that we noticed was that anyone who is a Super Admin can access the recipes we build out. Since there will be access to some sensitive information, I was wondering is it possible to limit access to Docebo Connect or even a project within Connect to just a select few Super Admins in the platform?
Answer
Docebo Connect IAM Permissions
Best answer by Ian
Not to my knowledge, but I am curious as to
- how many super admins you have;
- why you have that many; and
- what exactly is the sensitive data you’re concerned with?
Our organization has 8 super admins in total, and in practice only a couple of us use Docebo Connect. We use it to import employee data from Workday to Docebo, but there’s nothing available in Docebo Connect via the Workday integration that wouldn’t ultimately be visible to super admins via Docebo User Management anyway. We manage the security of Workday data on the Workday end, and only make what we need to share available via the Docebo System User that was set up.
Not to my knowledge, but I am curious as to
- how many super admins you have;
- why you have that many; and
- what exactly is the sensitive data you’re concerned with?
Our organization has 8 super admins in total, and in practice only a couple of us use Docebo Connect. We use it to import employee data from Workday to Docebo, but there’s nothing available in Docebo Connect via the Workday integration that wouldn’t ultimately be visible to super admins via Docebo User Management anyway. We manage the security of Workday data on the Workday end, and only make what we need to share available via the Docebo System User that was set up.
+6I am not the original poster, but I am going to respond as a “me too” - we are developing a use case for Workday integration and we have about 30+ SuperAdmins because PowerUser features don’t include all of the things we need our departmental/company admins to be able to do. We have a distributed model of expertise/responsibility, with a centralized group in charge of infrastructure, governance and training to make sure that our L&D colleagues are aware of the sensitivity of their role (“with great power comes great responsibility”).
Agree with the above-anyone that is designated as a super admin must be approved and trained how to handle PII and other sensitive information following the rule of least privilege. If they don’t need super admin permissions to do their daily work, then they shouldn’t have those permissions.
At the same time it is equally important to establish governance and best practices for all recipes that involve PII or other sensitive information. Anyone that is accessing Docebo Connect should be certified and trusted with that responsibility.
For example, one of the many best practices would be to mask data on action steps that involve PII.
Log in to Docebo Community
Enter your email address or username and password below to log in to Docebo Community. No account yet? Create an account
Docebo Employee Login
or
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.