Managing Exceptions

Big ACL provides a robust framework for managing permissions within an organization. In certain situations, standard permissions may need to be overridden or modified to accommodate specific business needs. These modifications, known as exceptions, allow for granular control over user access without disrupting the overall permissions framework.

This documentation explains how exceptions are managed in Big ACL, their purpose, and best practices for implementing them.

What Are Exceptions?

Exceptions are temporary or permanent overrides to the default permission rules defined in Big ACL. They allow administrators to grant or restrict access to resources for specific users or groups outside the standard policy configurations.

Common Use Cases for Exceptions

Temporary Access: Granting access to a resource for a limited period (e.g., a contractor needing temporary access to project files).
Custom Roles: Allowing a user to perform actions not typically associated with their role (e.g., a manager needing access to an audit log).
Emergency Scenarios: Granting immediate access in critical situations (e.g., troubleshooting a production issue).
Special Exemptions: Restricting or expanding access for compliance or regulatory reasons.

Configuring Exceptions

Step-by-Step Guide

...

Best Practices

Minimize the Use of Exceptions
- Use exceptions sparingly to avoid overcomplicating the permissions structure.
Document All Exceptions
- Maintain clear records of why exceptions were granted and their duration.
Regularly Review Exceptions
- Periodically audit active exceptions to ensure they are still necessary.
Use Time-Bound Exceptions
- Where possible, set expiration dates to automatically remove exceptions after a specified period.
Communicate Changes
- Inform affected users or teams of any changes to access permissions resulting from exceptions.

PreviousLifecycle of an Authorization Rule NextAuthorization Landscape

Last updated 19 days ago