If a user ends up in two different J1 groups, does their access become a combination of their app and query permissions across both? Does J1 use the least privilege principle?


  • jdowdy

    To answer the first question, user privileges are a union of their user group privileges in J1.

    An example of the combined User group permissions:
    A user is in the "Users" group and an "Example" group. The "Users" group has query permission to only allow specific integration instances. The other "Example" group's app permissions allow admin access to some features like "Shared: Questions." The user can perform some admin functions but only for the specified integration instances in the "Users" group.

    For the second question, in general, JupiterOne practices least privilege throughout the business internally, and there are enough RBAC controls for J1 users to practice a least-privilege approach externally as well.

