Appropriately managing complex access permissions is a crucial part of mature security programs at companies like Discord. Access controls that are easy to understand and manage make our lives easier, while poorly configured access controls often lead to significant harm.
74% of all breaches involve the human element, with privilege misuse and stolen user credentials being two of the primary threats. This indicates that access control is crucial to the security of businesses, especially when it comes to protecting proprietary information and sensitive systems. That said, plans and policies designed to manage permissions tend to cause headaches for end-users and leave the decisions about “who can access what” in the hands of people who don’t have much information about the resources – often IT or Security.
To address this within Discord, we built a new internal portal for staff to manage their permissions. We created it with the goals of security, transparency, and ease of use in mind, with the intention of eventually making the tool publicly available and free to use.
We’ve been hard at work to make our vision a reality and are happy to announce that Access has now been open-sourced on GitHub for anyone to utilize. In this article, we’ll discuss our path to creating Access and highlight its biggest features.