Membership

Overview

The Membership Management module in AskInfosec allows organization owners and administrators to manage users, roles, and permissions within their organization. This module provides comprehensive tools for inviting new members, assigning roles, managing access controls, and maintaining the organization's user structure.

Effective membership management is essential for maintaining proper security boundaries, ensuring appropriate access to sensitive information, and enabling collaboration across your organization. The Membership Management module integrates with other components of AskInfosec to provide a comprehensive approach to user management and access control.

Key Features

Member Management

• User Invitations - Invite new members to join your organization

• Role Assignment - Assign appropriate roles to members based on their responsibilities

• Status Management - Activate, deactivate, or remove members as needed

• Bulk Operations - Perform actions on multiple members simultaneously

• Member Directory - View and search all members in your organization

Role Management

• Predefined Roles - Utilize system roles (Owner, Admin, User)

• Role Permissions - Understand the capabilities of each role

• Role Assignment - Change member roles as responsibilities evolve

• Role Visibility - See which members have specific roles

Access Control

• Permission Settings - Configure granular access controls for members

• Access Groups - Organize members into functional groups

• Department Assignment - Associate members with specific departments

• Resource Restrictions - Limit access to specific features or data

• Access Auditing - Track changes to member permissions

Accessing Membership Management

1. Log in to your AskInfosec account

2. Navigate to the main dashboard

3. Click on "Members" in the main navigation menu

4. You will be directed to the Members Management page

Members Management Dashboard

The Members Management dashboard provides an overview of your organization's membership:

• Member List - Complete roster of active members and pending invitations

• Role Distribution - Breakdown of members by assigned role

• Department Grouping - Members organized by department

• Search and Filter - Tools to find specific members

• Action Buttons - Quick access to common membership tasks

Managing Members

Viewing Members

The Members page displays a table with all current members and pending invitations:

1. Name - Member's full name

2. Email - Member's email address

3. Role - Assigned role (Owner, Admin, User)

4. Status - Current status (Active, Pending, Inactive)

5. Department - Assigned department (if applicable)

6. Join Date - When the member joined the organization

You can sort the table by clicking on column headers and filter using the search box.

Inviting New Members

To invite new users to your organization:

1. From the Members Management page, click the "Invite Members" button

2. Enter the email address(es) of the people you want to invite

   • You can enter multiple email addresses separated by commas

3. Select the role you want to assign to the new members

4. Choose a department (optional)

5. Add a personalized message (optional)

6. Click "Send Invitations"

7. The system will send email invitations to the specified addresses

Invited users will receive an email with instructions to join your organization. They will need to:

1. Click the invitation link in the email

2. Create an account or log in to an existing account

3. Accept the invitation to join your organization

Changing Member Roles

To change a member's role:

1. Locate the member in the member list

2. Click the "..." (more options) button in their row

3. Select "Change Role" from the dropdown menu

4. Choose the new role from the available options:

   • Owner - Full control over the organization, including billing and deletion

   • Admin - Administrative access to manage members, settings, and most features

   • User - Standard access to use the platform based on assigned permissions

5. Confirm the role change

6. The system will update the member's permissions immediately

Note: Only Owners can change other members to the Owner role. There must always be at least one Owner in the organization.

Deactivating Members

To deactivate a member (remove their access while preserving their account):

1. Locate the member in the member list

2. Click the "..." (more options) button in their row

3. Select "Deactivate Member" from the dropdown menu

4. Confirm the deactivation

5. The member will be immediately removed from the organization but can be re-added later

Bulk Member Operations

To perform actions on multiple members at once:

1. Select members by checking the boxes next to their names

2. Click the "Actions" button that appears

3. Choose the desired action:

   • Delete Selected Members

   • Change Role for Selected Members

   • Assign to Department

4. Complete the action-specific form

5. Confirm the bulk operation

6. The system will apply the changes to all selected members

Access Control Groups

Access Control Groups allow you to organize members into functional teams and manage permissions collectively.

Creating a Group

To create a new access control group:

1. Navigate to the Settings page

2. Select the "Groups" tab

3. Click "Create New Group"

4. Enter a group name and description

5. Select members to add to the group

6. Configure group permissions

7. Save the group

Managing Group Membership

To add or remove members from a group:

1. Navigate to the Settings page

2. Select the "Groups" tab

3. Click on the group you want to modify

4. Use the "Add Members" button to add new members

5. Use the "Remove" button next to existing members to remove them

6. Save your changes

Setting Group Permissions

To configure what a group can access:

1. Navigate to the Settings page

2. Select the "Groups" tab

3. Click on the group you want to modify

4. Go to the "Permissions" tab

5. Configure access to various features and modules

6. Save your changes

Department Management

Departments help organize members by business function or team structure.

Creating Departments

To create a new department:

1. Navigate to the Settings page

2. Select the "Departments" tab

3. Click "Create New Department"

4. Enter a department name and description

5. Assign a department head (optional)

6. Save the department

Assigning Members to Departments

To assign members to a department:

1. From the Members Management page, locate the member

2. Click the "..." (more options) button in their row

3. Select "Edit Department" from the dropdown menu

4. Choose the appropriate department from the list

5. Save your changes

Alternatively, you can assign departments during the invitation process or through bulk operations.

Role-Based Access Control

AskInfosec uses role-based access control to determine what actions members can perform.

Default Roles

The system includes three default roles:

1. Owner

   • Full control over the organization

   • Can manage billing and subscription

   • Can delete the organization

   • Can manage all members and their roles

   • Can access all features and settings

2. Admin

   • Can manage members (except Owners)

   • Can configure organization settings

   • Can access most features and settings

   • Cannot delete the organization or change billing

3. User

   • Basic access to platform features

   • Limited administrative capabilities

   • Access determined by assigned permissions and groups

Role Permissions Matrix

*Admins cannot modify Owner roles

Best Practices

Member Management

• Assign appropriate roles - Give members the minimum privileges needed for their job

• Use descriptive names - Ensure member profiles include full names for easy identification

• Regular audits - Periodically review member list and remove inactive accounts

• Document role assignments - Maintain records of who has what level of access and why

• Offboarding process - Establish a consistent process for removing departing members

Access Control

• Group by function - Create groups based on job functions or teams

• Limit sensitive access - Restrict access to sensitive information to those who need it

• Regular permission reviews - Periodically audit and update access controls

• Principle of least privilege - Grant only the minimum access needed

• Document access decisions - Record rationale for access control configurations

Security Considerations

• Prompt deactivation - Remove access immediately when a member leaves

• Role separation - Maintain separation of duties for sensitive operations

• Admin limitations - Limit the number of admin accounts

• Access monitoring - Review access logs periodically

• Invitation expiration - Set appropriate timeframes for invitation acceptance

Troubleshooting

Common Issues

• Invitation not received - Check spam folders or resend the invitation

• Permission denied errors - Verify role assignments and group memberships

• Cannot remove a member - Ensure you have the appropriate role to manage members

• Role change not taking effect - Try refreshing the page or clearing browser cache

• Cannot assign to department - Verify the department exists and you have permission to modify it

Getting Support

If you encounter issues with the Membership Management module:

1. Check the in-app help documentation

2. Contact your organization's system administrator

3. Submit a support ticket through the AskInfosec support portal

Conclusion

Effective membership management is essential for maintaining security, enabling collaboration, and ensuring appropriate access to your organization's resources. The Membership Management module provides the tools and structure needed to invite, organize, and manage your organization's members in a secure, efficient manner.

By following the processes outlined in this guide, you can establish a robust membership management approach that helps your organization maintain proper access controls while enabling productive collaboration across teams.