Purpose
This policy defines access levels for users in Slack based on their roles within the organization. The goal is to maintain security, protect sensitive information, and ensure compliance with organizational guidelines.
Roles and Access Levels
The following roles are defined, each with specific access and permissions:
1. System Administrator
Access Level: Unrestricted
Permissions:
- Manage workspace settings, integrations, and security configurations
- Add, remove, and modify users and their permissions
- Access and manage private and public channels
- Monitor activity logs and manage compliance settings
2. Student
Access Level: Moderate
Permissions:
- Access public channels
- Join private channels upon invitation by an administrator or channel owner
- Direct message (DM) other students and faculty members
- Upload and share files within permitted channels
- Limited ability to create channels (only within designated categories)
Access Control Measures
- Least Privilege Principle: Users should have the minimum level of access required for their responsibilities.
- Regular Audits: System and Security Administrators should periodically review user access.
- Role-Based Access Control (RBAC): Users should only be assigned roles aligned with their duties.
- Multi-Factor Authentication (MFA): Required for all System Administrators and strongly recommended for other roles.
- Access Requests & Approvals: Any changes to access levels must be formally requested and approved by the appropriate administrator.
Conclusion
This policy ensures a secure and efficient working environment within Slack, protecting sensitive information while enabling collaboration. Any modifications to this policy must be approved by the System Administrator and reviewed periodically.