Membership Management Guide
Overview
The Membership Management module in AskInfosec allows organization owners and administrators to manage users, roles, and permissions within their organization. This module provides comprehensive tools for inviting new members, assigning roles, managing access controls, and maintaining the organization's user structure.
Effective membership management is essential for maintaining proper security boundaries, ensuring appropriate access to sensitive information, and enabling collaboration across your organization. The Membership Management module integrates with other components of AskInfosec to provide a comprehensive approach to user management and access control.
Key Features
Member Management
User Invitations - Invite new members to join your organization
Role Assignment - Assign appropriate roles to members based on their responsibilities
Status Management - Activate, deactivate, or remove members as needed
Bulk Operations - Perform actions on multiple members simultaneously
Member Directory - View and search all members in your organization
Role Management
Predefined Roles - Utilize system roles (Owner, Admin, User)
Role Permissions - Understand the capabilities of each role
Role Assignment - Change member roles as responsibilities evolve
Role Visibility - See which members have specific roles
Access Control
Permission Settings - Configure granular access controls for members
Access Groups - Organize members into functional groups
Department Assignment - Associate members with specific departments
Resource Restrictions - Limit access to specific features or data
Access Auditing - Track changes to member permissions
Accessing Membership Management
Log in to your AskInfosec account
Navigate to the main dashboard
Click on "Members" in the main navigation menu
You will be directed to the Members Management page
Members Management Dashboard
The Members Management dashboard provides an overview of your organization's membership:
Member List - Complete roster of active members and pending invitations
Role Distribution - Breakdown of members by assigned role
Department Grouping - Members organized by department
Search and Filter - Tools to find specific members
Action Buttons - Quick access to common membership tasks
Managing Members
Viewing Members
The Members page displays a table with all current members and pending invitations:
Name - Member's full name
Email - Member's email address
Role - Assigned role (Owner, Admin, User)
Status - Current status (Active, Pending, Inactive)
Department - Assigned department (if applicable)
Join Date - When the member joined the organization
You can sort the table by clicking on column headers and filter using the search box.
Inviting New Members
To invite new users to your organization:
From the Members Management page, click the "Invite Members" button
Enter the email address(es) of the people you want to invite
You can enter multiple email addresses separated by commas
Select the role you want to assign to the new members
Choose a department (optional)
Add a personalized message (optional)
Click "Send Invitations"
The system will send email invitations to the specified addresses
Invited users will receive an email with instructions to join your organization. They will need to:
Click the invitation link in the email
Create an account or log in to an existing account
Accept the invitation to join your organization
Changing Member Roles
To change a member's role:
Locate the member in the member list
Click the "..." (more options) button in their row
Select "Change Role" from the dropdown menu
Choose the new role from the available options:
Owner - Full control over the organization, including billing and deletion
Admin - Administrative access to manage members, settings, and most features
User - Standard access to use the platform based on assigned permissions
Confirm the role change
The system will update the member's permissions immediately
Note: Only Owners can change other members to the Owner role. There must always be at least one Owner in the organization.
Deactivating Members
To deactivate a member (remove their access while preserving their account):
Locate the member in the member list
Click the "..." (more options) button in their row
Select "Deactivate Member" from the dropdown menu
Confirm the deactivation
The member will be immediately removed from the organization but can be re-added later
Bulk Member Operations
To perform actions on multiple members at once:
Select members by checking the boxes next to their names
Click the "Actions" button that appears
Choose the desired action:
Delete Selected Members
Change Role for Selected Members
Assign to Department
Complete the action-specific form
Confirm the bulk operation
The system will apply the changes to all selected members
Access Control Groups
Access Control Groups allow you to organize members into functional teams and manage permissions collectively.
Creating a Group
To create a new access control group:
Navigate to the Settings page
Select the "Groups" tab
Click "Create New Group"
Enter a group name and description
Select members to add to the group
Configure group permissions
Save the group
Managing Group Membership
To add or remove members from a group:
Navigate to the Settings page
Select the "Groups" tab
Click on the group you want to modify
Use the "Add Members" button to add new members
Use the "Remove" button next to existing members to remove them
Save your changes
Setting Group Permissions
To configure what a group can access:
Navigate to the Settings page
Select the "Groups" tab
Click on the group you want to modify
Go to the "Permissions" tab
Configure access to various features and modules
Save your changes
Department Management
Departments help organize members by business function or team structure.
Creating Departments
To create a new department:
Navigate to the Settings page
Select the "Departments" tab
Click "Create New Department"
Enter a department name and description
Assign a department head (optional)
Save the department
Assigning Members to Departments
To assign members to a department:
From the Members Management page, locate the member
Click the "..." (more options) button in their row
Select "Edit Department" from the dropdown menu
Choose the appropriate department from the list
Save your changes
Alternatively, you can assign departments during the invitation process or through bulk operations.
Role-Based Access Control
AskInfosec uses role-based access control to determine what actions members can perform.
Default Roles
The system includes three default roles:
Owner
Full control over the organization
Can manage billing and subscription
Can delete the organization
Can manage all members and their roles
Can access all features and settings
Admin
Can manage members (except Owners)
Can configure organization settings
Can access most features and settings
Cannot delete the organization or change billing
User
Basic access to platform features
Limited administrative capabilities
Access determined by assigned permissions and groups
Role Permissions Matrix
Manage Organization Settings
✓
✓
✗
Delete Organization
✓
✗
✗
Manage Billing
✓
✗
✗
Invite Members
✓
✓
✗
Remove Members
✓
✓
✗
Change Member Roles
✓
✓*
✗
Create/Manage Groups
✓
✓
✗
Create/Manage Departments
✓
✓
✗
Access All Documents
✓
✓
✗
Manage Access Controls
✓
✓
✗
*Admins cannot modify Owner roles
Best Practices
Member Management
Assign appropriate roles - Give members the minimum privileges needed for their job
Use descriptive names - Ensure member profiles include full names for easy identification
Regular audits - Periodically review member list and remove inactive accounts
Document role assignments - Maintain records of who has what level of access and why
Offboarding process - Establish a consistent process for removing departing members
Access Control
Group by function - Create groups based on job functions or teams
Limit sensitive access - Restrict access to sensitive information to those who need it
Regular permission reviews - Periodically audit and update access controls
Principle of least privilege - Grant only the minimum access needed
Document access decisions - Record rationale for access control configurations
Security Considerations
Prompt deactivation - Remove access immediately when a member leaves
Role separation - Maintain separation of duties for sensitive operations
Admin limitations - Limit the number of admin accounts
Access monitoring - Review access logs periodically
Invitation expiration - Set appropriate timeframes for invitation acceptance
Troubleshooting
Common Issues
Invitation not received - Check spam folders or resend the invitation
Permission denied errors - Verify role assignments and group memberships
Cannot remove a member - Ensure you have the appropriate role to manage members
Role change not taking effect - Try refreshing the page or clearing browser cache
Cannot assign to department - Verify the department exists and you have permission to modify it
Getting Support
If you encounter issues with the Membership Management module:
Check the in-app help documentation
Contact your organization's system administrator
Submit a support ticket through the AskInfosec support portal
Conclusion
Effective membership management is essential for maintaining security, enabling collaboration, and ensuring appropriate access to your organization's resources. The Membership Management module provides the tools and structure needed to invite, organize, and manage your organization's members in a secure, efficient manner.
By following the processes outlined in this guide, you can establish a robust membership management approach that helps your organization maintain proper access controls while enabling productive collaboration across teams.
Last updated