Access control

Manage who can perform certain operations within the Transcend system

Transcend allows for hyper-specific access control to restrict what your organization members can or cannot do on your organization's Transcend account. Every route that we expose has the ability to be managed from the Member Scopes tab →. This means the administrator of your account can dictate which views the users in your transcend account can see, as well as which changes they can make. We call these access controls scopes.

📘

Scope Tip: "This is a configurable scope!"

Throughout these docs, we will indicate when a section is referring to some set of scopes. Look for messages like this to determine how you can configure access control for certain features.

Scopes

We break down every view we show, and action we allow into scopes. An administrator of your Transcend account can assign these scopes to individual members, or to teams of members within your organization.

Scopes can also be assigned to API keys. The API keys can be given that same privileges as any member in your organization.

You can manage the assignment of "Scopes" on the Member Scopes → tab.

Users

Every employee, partner, or person that should have a login to your Transcend account is known as a member. By default, each member has no scopes. They cannot see any incoming Requests or private configurations for your organization. The only changes they can make are to their personal account settings.

In order for your members to start doing things like configuring your The Privacy Center or the The Data Map or responding to Data Subject Requests, you must assign them scopes.

You can manage and invite new "Users" on the Users and Scopes → tab.

Teams

Typically, groups of members should be assigned the same set of scopes. For this reason, we allow you to create teams of members, and assign scopes to everyone in that team. If you remove a member from a team, that member will lose the scopes it had from that team unless the member was also individually assigned those scopes.

You can manage and create new "Teams" on the Users and Scopes → tab.

Auto Provisioning with SSO

When one of your employees logs into Transcend for the first time using their SSO login, if you expose some certain attributes to Transcend, the employee will be assigned to the Transcend team when their account is created, thus giving them a specific set of scopes by default.

You can enable the following SSO attribute mappings:

Attribute

Transcend Mapping

Employee Details.Title

title

Employee Details.Department

department

Group Attribute Statement

groups