5.5.4 Label Permissions

Besides acting as containers or assignable tags to help group and organize Access Profiles, Labels allow administrators to define rules to control whether groups or users can access the Access Profile(s) they contain. Together with permissions and policies, Labels support the creation of granular and dynamic security scenarios aligned with the Principle of Least Privilege and Zero Trust architecture models.

Labels are assignable tags that act as logical filters for Access Profiles. They determine whether an Access Profile is visible or available to a user or group at any given time, based on contextual conditions. This enables flexible, context-aware access control and helps enforce security policies more effectively.

Thinfinity® Workspace also supports parent Labels, which can contain other Labels. This hierarchical structure allows administrators to:

• Assign permissions to specific users or groups.

• Organize multiple access profiles that point to the same end resource.

• Group and manage these access profiles under different Labels to implement fine-grained access control.

Permission Inheritance

Resources can inherit permissions from the labels (or tags) they are associated with. This streamlines permission management across grouped resources.

Permission Groups

Permission groups can be associated with Labels, allowing administrators to manage access policies to sets of resources in bulk.