A typical DekkoSecure deployment comprises of a single Tenancy containing a number of Hubs, with each Hub corresponding to a project, team, engagement, or other business process relation.
Tenant admin
Can:
- Access the Tenancy manager
- Reset in-Tenancy users’ passwords if the trusted tenant policy is ON (non-SSO/AAD users only).
- Set Tenancy policies
- Manage Hubs and Users
- View traffic and storage activity
- View Tenancy audit logs (all Hubs in-Tenancy)
- Set SEIM integrations
- Delete Hubs
- Remove users from a Tenancy
Cannot
- Access in-Tenancy user’s content (files and messages) unless they are a member of a Hub and content is shared with them explicitly
- Change Hub-specific settings (manage users, etc.) unless they are a member of the Hub and set as a Hub admin
Tenant admins can be identified by their marking in the Tenancy Manager (Users tab):
Hub roles
Hub admin
Users are automatically set as the Hub admin for each Hub they create. Admins are also Hub Team Member user type (see below).
Can:
- View Hub contact list
- Manage Hub branding
- Invite users to the Hub (unless disabled by another Hub admin)
- Manage Hub members
- Set user’s types, set addition Hub admins, remove users
- Access Hub registration links
- View Hub audit logs
- Delete the Hub
- Share files with, request signatures from, and message Team Member users in the Hub
- Share files with, request signatures from, and message External Member users in the Hub
Cannot:
- Access other in-Hub user’s content (files and messages) unless content is shared with them explicitly
Hub admins can be identified by their marking in the Tenancy Manager (Hubs tab):
Hub member - Team Member
Can:
- See other users Team Member users in the Hub contact list
- Share files with, request signatures from, and message other Team Member users in the Hub
- Share files with, request signatures from, and message External Member users in the Hub
- Invite users to the Hub (if given permission by their inviter)
Cannot:
- Access other in-Hub user’s content (files and messages) unless content is shared with them explicitly
- Access Hub admin controls
Hub member - External Member
Can:
- See Team Member users in the Hub contact list
- Share files with, request signatures from, and message Team Member users in the Hub
Cannot:
- See External Member users in the Hub contact list
- Share files with, request signatures from, and message External Member users in the Hub
- Access Hub admin controls
- Invite users to the Hub
- Access other in-Hub user’s content (files and messages) unless content is shared with them explicitly
- Access Hub admin controls
Note: The ability to upload files to the root of a Hub can now be disabled for users with the External member type. This means that when the policy is turned on, Externals will only be able to upload files into folders where they have been granted permission, and nowhere else.
Member Visibility
This graphic is a simple representation of who can see who (and who can share with who) in a Hub, based on their membership type. If a Team member shares a file with two Externals, neither external will know that the other has received the file (similar to BCC on email).
