Authorization and access overview

Users' access to evidence, features, and other resources in Axon applications is determined by a number of profile and organizational settings. Select the links below to learn more about each.

  • Roles & permissions

  • Groups

    • Evidence groups

  • Command Hierarchy

  • Access control list

  • License tiers

Authorization and access principles

The way authorization and access works is guided by the following concepts:

  1. Least-privilege

    1. Admins should only give users the absolute minimum access rights and permissions necessary to perform their designated tasks. This is reflected in our feature design: Role is meant to give baseline permissions necessary for the user to do their job. A role with broader permissions can be assigned if the user needs access to more resources.

  2. Transparency

    1. We believe transparency is a must for access control. There are no hidden or implied permissions or logic that can lead to feature misuse or guesswork because that will mean serious consequences. Admins will always be able to know who has permission to do what. When something unexpected happens, such as a user being able to view what they are not supposed to, admins will know exactly the right place to configure the permission; and can trace back what permission or access changes have been made to the user profile, as well as who made the permission change.

  3. Centralized authorization, decentralized administration

    1. We believe our entire suite of products should share the same model of authorization for best cross-product adoption and integration, and lowest learning curve. We also recognize that often admin work is shared with people who may not assume the official "admin" role. Local admins should have the authority to manage their own users, but not manage other admins' users or counteract higher-leve settings and rules.

  4. Self-service

    1. We understand data security is critical, and also unpredictable. You own the data and know who needs access to what and why, and you can make the fastest decision. We believe in empowering admins to troubleshoot problems themselves and set up with confidence even when an Axon representative is not available to ensure we can minimize data security compromise.