1. Overview of the Security Controls in Kanbanize
The Security Controls and the Card Controls provide a way to manage your security environment at a global account level. These options ensure better data protection and defense against intrusion and unauthorized access to the system. The Security Controls are managed by Account Owners or users granted the "Manage Security Settings and access Audit Logs" privilege.
Switch the toggles to enable or disable the following security controls for the entire account:
- Public Filters - Enable or disable the creation of Public Filters in the account. If disabled, then the access to all existing Public filters will be revoked.
- Only internal users can access public filters - Allow only logged-in users to access public filters. If disabled, anyone on the internet with a link can view data in the public filter.
- Power BI search reports - control which users can create Power BI search reports in the account. If enabled, you can grant access to everyone, Account Owners, or specific users to generate Power BI search reports. When disabled, all existing Power BI search reports will be revoked, and users won't be able to create new ones.
- Public reports - Enable or disable the creation of Public Reports anywhere in the account. If disabled, access to all existing Public Reports will be revoked.
- Card attachments - enable or disable file attachments inside cards and initiatives. If disabled, then users will not be able to attach any files from their PC or cloud storage to the cards and initiatives.
- Allow inline images - Enable or disable inline images in the card's description, subtasks, comments, board/column/lane description, or rich text widget. If disabled, users will not be allowed to add new inline images. All existing inline images will not be visible until the security control is enabled again.
- Log out on browser close - log out users when they close their internet browser.
- Only Account Owners can create and copy workspaces and boards - If enabled, it allows the creation of workspaces and boards only by Account Owners. If disabled, Workspace Managers will be able to create boards too.
- Only Account Owners can delete workspaces and boards - If disabled, Workspace Managers will be able to delete the boards that they are assigned to.
- Do not send email confirmation upon email address change - if enabled, the email address will be changed immediately, without confirmation by the user. The user would only receive an email informing them that the change of their email address has been performed.
- Only Account Owners, Authors, or Shared with users can edit or delete business rules - Allow only Account Owners, authors of business rules, or users with whom the business rule is shared to edit or delete business rules. If disabled, users with Manage Business Rules admin privilege will be able to edit or delete business rules too.
- Notify owners or specific users over email when another user is invited as or promoted to an Account Owner - If enabled, Account Owners and selected users will receive an email notification when a user has been invited as or promoted to an Account Owner.
Note: the superuser and the user that has been promoted will not receive this email notification.
- API access - It enables Account Owners and users with the necessary admin privileges to manage which users can and cannot access the API. You can grant API access to everyone, Account Owners only, or select specific users.
Note: If there is a role that enables “access API v1” from the Board Permissions, the users with that role will not be able to access the API if the API access security control is disabled.
Account Owners and users with the “Manage Security Settings” privilege can access the Password Policy menu inside the Administration panel, and will be able to define the following policies for account passwords:
- Require at least one uppercase letter
- Require at least one lowercase letter
- Require at least one digit
- Require at least one non-alphanumeric character (ex. !, @, #, etc.)
- Require minimum length – between 6 and 24 characters. (we recommend 10 or more)
- Password lifetime – when turned on, this option allows you to define a period (between 7 and 365 days) after which users need to change their password
- Enforce two-factor authentication (2FA) for all users – this option will automatically enable 2FA authentication for all users inside the account
Important: by default all new users, including those who decide to change their password, are required to have a password length of at least 6 characters.
Note: If you change the password policies and there is a user with a password that doesn’t meet the new requirements, the system will automatically redirect the user at their next login to change their password. Users will see the password requirements that have been applied and the system will show them whether they meet them or don’t.
In general, the card control options define who in the account will be able to create, edit, and delete card elements. This can be set to Account Owners/Admins*, Account Owners/Admins* and Workspace Managers, or "everyone" (allows any user to manage those card elements).
*An Admin is a user who has the “Manage Card Elements” admin privilege but is not an Account Owner.
- Users that can manage Blockers - select any of the three options.
- Users that can manage Stickers - select any of the three options.
- Users that can manage Tags - select any of the three options.
- Users that can manage Types - select any of the three options.
- Users that can manage Templates - select any of the three options.
- Users that can manage Custom Fields - select any of the three options.
2. How to access the Security Controls?
To access the Security Controls, open the Administration panel at the top right side of your board and select the Security & Audit tab.
To learn all about the Audit logs, please check the following article.