Create authorisation concept – Role-Based Access Control (RBAC)

Record all users (e.g. John Doe) and add relevant metadata such as department and location. This information supports automated processes such as provisioning and deprovisioning.

Record teams or departments (e.g. Human Resources, Administration, IT) based on your oganizational chart in order to group permissions later.

Define roles based on job functions (e.g. marketing manager, sales manager, IT supporter) clearly and granularly so that they can be reused.

Avoid ‘one-to-one’ roles per user, as this limits scalability. (E.g. marketing manager A, marketing manager B)

List all applications (App Permissions) that users need access to (e.g. ERP system, Netbox, etc.).

Record folder structures and permissions at the appropriate level of granularity (e.g. top-level folders vs. individual subfolders)

Also record the access levels for the various apps, e.g. Netbox Admin or ERP Admin, etc. (Access Permissions).

Assign users to the appropriate teams and roles. You can also assign users directly to roles.

Link the roles to the corresponding application and file permissions (App and Access Permissions).