PLEASE NOTE THAT NEW ROLES WILL BE ASSIGNED UPON LOGIN BASED ON OLD ROLES.
We are happy to announce that we introduced a major software update on the 18th of May. The major component of the patch consists of new functionality for access control mechanisms, together with minor bug fixes and improvements. We have also added more in-application help to increase usability and links to our user forum and help desk to increase accessibility.
(Remember to restart the application by holding down Ctrl-Shift-R for the changes to take effect.)
New Role-Based Access Control (RBAC) Mechanisms:
Diri now lets you tailor roles and grant access based on those roles. RBAC is an approach to restricting system access to authorized users, and its mechanisms are defined around roles and privileges. Each primary functionality in Diri is now mapped to the RBAC and can be assigned to a role.
RBAC makes it easy to assign permissions based on a role and is a simple way to limit access to what is necessary to perform a user's assignments. RBAC can be used to facilitate the administration of security in large organizations with hundreds of users and thousands of permissions.
The RBAC panel is accessed via a tab at the top of the "Users" menu and is visible to administrators by default:
Accessing the RBAC (for admins)
Inherited and default roles in Diri
The two previous roles, admin and user, will be converted to new roles in the RBAC. The privileges will be identical to previous roles. However, the original User role will also be able to read the organisation and the settings. The Admin user will have all privileges in Diri.
Example of access control settings for risk assessments.
We will make more default role configurations available to your organization to choose from, or you can choose to build your own configuration.
Improved integrity in signing and approving risk assessments
As shown in the above picture, "Sign treatment plan" is now a privilege managed through the RBAC. In practice, we can create risk owner / decision-maker roles in Diri that, e.g., have read and signing privileges.
Improved access control to objects
Objects in Diri with improved access control are Risk assessments, Treatments, and Surveys. IT systems in use across the organisation can now be set to share and read such that all users can see the risk assessment. Risk assessments can also be "Made public", which makes them visible to all Diri users in that instance.
Access control panel for risk assessments
Treatments are now detached from risk assessments and exist as individual objects in Diri. This change provides needed flexibility to the process by allowing users to add, share, and control treatments as individual objects. A global treatment in use across multiple risk assessments can now be read-only to protect the integrity of the treatment while still allowing for it to be widely employed. The settings are described in our help desk article on RBAC.
Generic improvements in Diri
Changed e-mail service provider to Mailjet
We changed our in-application service provider for sending notifications to Mailjet. This choice was made due to privacy issues with our previous service provider.
Improvements in infrastructure
We are still rebuilding our SaaS infrastructure to scale better. Even so, the sluggishness when loading some dashboard cards and longer lists should be improved.
Minor Improvements and bugfixes
- Added new help fields and text boxes to improve user-friendliness, such as the Diri-helper on the new access control GUI.
- Overall risk assessments now have a "Responsible" field used in the risk registry.
- Stabilised and optimised the copy function for the new RBAC. Please note that users can only copy a system if they have both "copy"-rights and "create new system"-rights.
- Fixed bug that prevented empty organisations from being deleted.
- Added and fixed several autocomplete fields throughout the application.
- Fixed a bug where the Risk Matrix did not update properly.
- Fixed bugs where deleted risk assessments with global treatments showed no access to the risk assessment in the treatment menu.
Technical documentation and help
Technical documentation and help are all available at our help desk. We now have over 30 knowledge pieces and thorough documentation of the Diri functionality. The help desk is continuously improved, and we welcome all suggestions for improvements, bugs, new functionality, and all risk-related discussion. In the application, click the "Community & Help" button in the main menu.
Be sure to check out our new webpage!
We launched a new English webpage at the beginning of May, marking our complete transition to Diri International!
Automation and user-friendliness will be high on the agenda in the coming months, so stay tuned!