Permissions

How to Restrict Access to TufinMate

Your Microsoft admin controls which Microsoft users have access to the TufinMate plugin in Teams.

Configure Role Specific Permissions

As the Tufin admin, you can use SecureTrack or SecureChange roles to specify what information users can obtain from TufinMate. If configured, TufinMate will verify the name and email address of the Teams user against a corresponding account in Tufin.

For each TufinMate feature, choose whether a corresponding SecureTrack or SecureChange account should be required.

Configuration Options

No Tufin Account Required: Any user with access to the Teams plugin will be able to use the feature. TufinMate will not look for a corresponding Tufin account. No domain permissions of any type will be enforced.

SecureTrack Account Required (Device Permissions Enforced): TufinMate will look for a corresponding SecureTrack account. After validating that a corresponding account with a matching email exists, it will review the Device Permissions of that user. If all devices along the path match the Device Permissions, TufinMate will provide a complete response. If any device along the path falls outside the user’s Device Permissions, TufinMate will respond to the user saying access denied. If no account is found, it will respond to the user saying access denied.

SecureChange Account Required (No role required): TufinMate will look for a corresponding SecureChange account. After validating that a corresponding account with a matching email exists, it will respond to the user’s query. If Segregated Domains are configured in SecureChange, this setting will not be enforced.

SecureChange Account Required (One or more roles required): TufinMate will look for a corresponding SecureChange account. After validating that a corresponding account with a matching email exists, it will review the user’s assigned roles. If the user has at least one of the required roles, then it will respond to the user’s query. If Segregated Domains are configured in SecureChange, this setting will not be enforced.

Configuration Example 1

Use your SecureChange roles to designate which groups of users should be able to see various types of information. In this example, any user can ask a basic question about network connectivity, but only users with “need-to-know” roles can see device details or generate a report.
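The following is an added example, not Tufin code: a small Python model of the four Configuration Options applied to the Example 1 setup, useful for checking what a planned configuration would allow each user before rolling it out. The mode names, the Directory class, the feature names, the role name and the sample accounts are all hypothetical. The model matches on email only, treats a missing SecureChange account or a missing required role as denied (an assumption), and does not model Segregated Domains.

```python
from dataclasses import dataclass, field

# Hypothetical mode names, one per row of the Configuration Options above.
NO_ACCOUNT, ST_DEVICE, SC_ANY, SC_ROLES = "none", "st_device", "sc_any", "sc_roles"

@dataclass
class Directory:
    """Constructed stand-in for Tufin account data, keyed by email address."""
    st_devices: dict = field(default_factory=dict)  # SecureTrack: email -> permitted devices
    sc_roles: dict = field(default_factory=dict)    # SecureChange: email -> assigned roles

def decide(mode, email, directory, path_devices=(), required_roles=()):
    """Return (allowed, reason) for one feature request from a Teams user."""
    if mode == NO_ACCOUNT:
        return True, "no Tufin account required"
    if mode == ST_DEVICE:
        permitted = directory.st_devices.get(email)
        if permitted is None:
            return False, "access denied: no SecureTrack account"
        if any(dev not in permitted for dev in path_devices):
            return False, "access denied: device outside Device Permissions"
        return True, "every device on the path is permitted"
    if mode in (SC_ANY, SC_ROLES):
        roles = directory.sc_roles.get(email)
        if roles is None:  # assumption: a missing SecureChange account is denied
            return False, "access denied: no SecureChange account"
        if mode == SC_ROLES and not roles & set(required_roles):
            return False, "access denied: none of the required roles"
        return True, "SecureChange account validated"
    return False, "access denied: unknown mode"  # fail closed on a bad setting

# Constructed policy for Configuration Example 1; feature and role names are illustrative.
EXAMPLE_1 = {
    "check_connectivity": (NO_ACCOUNT, ()),
    "device_details": (SC_ROLES, ("need-to-know",)),
    "generate_report": (SC_ROLES, ("need-to-know",)),
}

# Constructed accounts: alice holds the role, bob has an account but no roles.
SAMPLE = Directory(
    st_devices={"carol@example.com": {"fw-edge", "fw-core"}},
    sc_roles={"alice@example.com": {"need-to-know"}, "bob@example.com": set()},
)

def audit(policy, directory, emails):
    """Map each email to the sorted list of features that user may call."""
    return {e: sorted(f for f, (mode, roles) in policy.items()
                      if decide(mode, e, directory, required_roles=roles)[0])
            for e in emails}
```

Calling audit(EXAMPLE_1, SAMPLE, [...]) with a list of email addresses shows which features each Teams user would reach under this policy.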

Configuration Example 2

You can control exactly who has access to TufinMate by requiring all users to have a SecureChange account, even if that SecureChange account is not assigned any roles. In this example, any user with a SecureChange account can check network connectivity or see device details. Only Network Administrators with a SecureTrack account can generate a PDF report. The feature to open SecureChange tickets is disabled.