5.5.4 Label Permissions

Besides acting as containers or assignable tags to help group and organize Access Profiles, Labels allow administrators to define rules to control whether groups or users can access the Access Profile(s) they contain. Together with permissions and policies, Labels support the creation of granular and dynamic security scenarios aligned with the Principle of Least Privilege and Zero Trust architecture models.

Labels are assignable tags that act as logical filters for Access Profiles. They determine whether an Access Profile is visible or available to a user or group at any given time, based on contextual conditions. This enables flexible, context-aware access control and helps enforce security policies more effectively.

Thinfinity® Workspace also supports nested Labels. This hierarchical structure allows administrators to:

• Assign permissions to specific users or groups.

• Organize multiple Access Profiles that point to the same end resource.

• Group and manage these Access Profiles under different Labels to implement fine-grained access control.