Access Control Policy

Introduction

Access to data within JobTeaser platform is governed by access rights. JobTeaser has various permission levels for users (student, recruiter, administrators, super-administrators, JobTeaser staff, etc.).

JobTeaser’s approach for defining access privileges and roles is to provide predefined roles with the appropriate permissions covering the most common use cases and best practices. As so, it keeps it simple to understand for super-administrators (either customers, partners or JobTeaser’s staff) that are responsible for giving access privileges to other users. This ensures that the appropriate roles are given to users, fitting their needs, enabling to follow the least-privilege principle. Defining too many roles or enabling too much granularity to define privileges and roles will generally lead into a lower security level because administrators tend to give broader privileges than necessary due to the complexity of the roles configuration.

Roles and permissions differ depending on the application. The main roles are described below.

JobTeaser and Career Centers

Students

  • Authorized to navigate for their own account on the front-office side of the platform to use its features (access content, register to events or apply for jobs, manage its account and preferences…).
  • Not authorized to access the back-office side of the platform.

Company administrators

Several roles exist for administrator, providing different set of privileges based on the role of the company’s collaborator:

  • Recruiters are authorized to manage job applications and access the candidates’ information.
  • Administrators can edit the company details.
  • Super-administrators are allowed to create new members within the company.

School or university administrators

Several roles exist for administrators, depending on their role in the school or university staff. Privileges, in particular access to student data, depend on the role.

  • Super-administrators can create school/university administrator users
  • Administrators can access all modules in the school/university back-office
  • Content managers have access to Companies, Offers, Events, Newsletter and resources modules
  • Company content managers have access to Events, Newsletter and Resources modules
  • School content managers have access to Events, Newsletter and Resources modules
  • Career advisers have access to Users and Appointments modules
  • Company relationship officers have access to Company, Offers, Events and Talent Banks modules