Role-Based Access Control (RBAC) is a security feature that allows your firm to control which users can access specific cases and jobs in your Steno dashboard.
Key Concepts
- Firm Admin: Can manage all users and all cases across your organization
- Case Access: Users only see cases they've been explicitly granted access to
- Job Access: Users see only the details of the specific Job (deposition, hearing, etc.) they’re part of, without access to other case details or other jobs
- Shared Links: Links to Job Materials and Invoices in email notifications, which can be enabled or disabled according to your security policies
What Happens When You Enable RBAC
By default, Case Access is shared with everyone at your firm. This means that all members can view all Case and Job details and materials. This includes:
- All transcripts and exhibits
- All job details and witness names
- All invoices and billing information
- Cases from any office location or practice area
With RBAC enabled, you can choose exactly who sees your case files.
Choose Your Firm's Default Access Model
Two settings work together to define your firm's access model: default case access and shared links. Configure both to match your security needs.
1. Default Case Access
Option 1: Open Collaboration with Selective Restrictions
With this setting enabled, you can still go to specific cases, remove the shared access, and restrict them to certain members. Any new cases or jobs created in the future will also be shared with everyone by default in this model.
- Default: Everyone still sees everything (just like today)
- When needed: You can restrict specific confidential cases to selected users only
- Best for: Firms that want flexibility to lock down sensitive matters while keeping most cases open
Option 2: Restricted Access by Default
Alternatively, you can restrict access to select users by default. With this enabled, all new cases going forward are accessible only to the Case Admin and Firm Admins until the Access Settings for that case are modified to share visibility with others.
- Default: New cases are only visible to the person who books them (the Case Admin) and Firm Admins
- When needed: Case administrators explicitly share access with other team members
- Best for: Firms requiring strict security controls on all matters
2. Shared Link Settings
Shared links are secure URLs in email notifications that provide direct access to transcripts, exhibits, and job materials.
Important: Shared links bypass dashboard access restrictions. This means anyone with an email link can access materials, even when the case is restricted to select users.
- With shared links enabled: Anyone with the link can view materials directly
- With shared links disabled: Users must log into the dashboard where case permissions are enforced
For complete access control, disable shared links to ensure all access to case materials goes through the authenticated dashboard login flow first. Learn more about configuring shared link settings
Firm Dashboard User Access Roles
RBAC uses two types of roles that work together:
1. Firm-Level Roles
Firm Admin
- Full control over all users, cases, and settings across your entire organization
- Can override any case restrictions
- Manages firm-wide RBAC settings
- Example: Your managing partner who needs to oversee all case access
Billing User
- Access to all billing information and invoices firm-wide (invoices include job-level details such as case name, number, and witness names)
- Cannot access case content, transcripts, or exhibits
- Perfect for billing staff who need financial visibility without case materials
- Example: Your bookkeeper who processes invoices but shouldn't see confidential case information
Member (Standard User)
- Default role for most users
- Access to cases is managed at the case level (see Case-Level Roles below)
- Can be assigned as Case Admin or Case Viewer on specific cases
2. Case-Level Roles
Case Admin
- Can see all materials and jobs for specific cases they manage
- Can add/remove other users from their cases
- Can assign roles (Case Admin or Case Viewer) to other users
- Automatically assigned to whoever first books a job on a new case
- Example: A lead attorney books the first deposition on "Smith v. Jones" and becomes Case Admin, or a senior paralegal is manually assigned to manage a complex case
Case Viewer
- Can see all materials and jobs for assigned cases
- Cannot manage who else has access
- Perfect for team members who need visibility but not administrative control
- Example: An associate attorney is added to a case to review all transcripts and prepare for depositions but doesn't need to manage team access
Job Manager (Automatic)
- Can only see the specific job they're connected to
- Automatically assigned based on their role on the job
- Two levels:
  - Job Owners (ordered by/on behalf of): Can edit job details
  - Job Participants (ordered to/bill to): View-only access
- Cannot see other jobs within the same case
- Example: A paralegal orders a single deposition on an existing case and automatically gets access to the job's materials upon completion, but can't see the other 10 depositions already completed in the case
Learn How to Enable Role-Based Access Control in your Firm Dashboard here.
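The roles and shared-link behavior described above can be modeled as a small access check. This is an added illustration, not Steno's code: the function names, role strings, rule ordering, and sample case data are assumptions made up for the example.

```python
from dataclasses import dataclass, field

@dataclass
class Case:
    shared_with_firm: bool                           # True = "open collaboration" default
    case_roles: dict = field(default_factory=dict)   # user -> "case_admin" | "case_viewer"
    job_roles: dict = field(default_factory=dict)    # job id -> {user: "owner" | "participant"}

def can_view_job(user, firm_role, case, job_id):
    """Dashboard check for a logged-in user (rule order is an assumption)."""
    if firm_role == "firm_admin":
        return True                      # can override any case restriction
    if firm_role == "billing":
        return False                     # invoices only, never case content
    if case.shared_with_firm or user in case.case_roles:
        return True                      # Case Admin / Case Viewer see every job
    return user in case.job_roles.get(job_id, {})    # Job Manager: this job only

def can_manage_access(user, firm_role, case):
    """Only Firm Admins and the Case Admin may add or remove users on a case."""
    return firm_role == "firm_admin" or case.case_roles.get(user) == "case_admin"

def can_open_email_link(shared_links_enabled, user, firm_role, case, job_id):
    """user is None when the person holding the link has no dashboard session."""
    if shared_links_enabled:
        return True                      # the link alone grants access; roles are not consulted
    return user is not None and can_view_job(user, firm_role, case, job_id)

# Constructed sample data: a restricted case with one job ordered by a paralegal.
SMITH_V_JONES = Case(
    shared_with_firm=False,
    case_roles={"lead_attorney": "case_admin", "associate": "case_viewer"},
    job_roles={"depo-11": {"paralegal": "owner"}},
)

def demo():
    c = SMITH_V_JONES
    return {
        "paralegal sees own job": can_view_job("paralegal", "member", c, "depo-11"),
        "paralegal sees other job": can_view_job("paralegal", "member", c, "depo-01"),
        "associate manages access": can_manage_access("associate", "member", c),
        "billing user sees transcripts": can_view_job("bookkeeper", "billing", c, "depo-11"),
        "forwarded link, links enabled": can_open_email_link(True, None, None, c, "depo-11"),
        "forwarded link, links disabled": can_open_email_link(False, None, None, c, "depo-11"),
    }

if __name__ == "__main__":
    for check, allowed in demo().items():
        print(f"{check}: {allowed}")
```

The two link checks at the end differ only in the shared-link setting: with links enabled the role checks never run, which is why the restricted case stays restricted only when shared links are disabled.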
RBAC Best Practices
As a Firm Administrator, you're responsible for maintaining secure access to your firm's sensitive case materials. Following these security practices helps protect confidential information and ensures your team has appropriate access.
- Maintain Multiple Administrators: Always have at least 2 active Firm Admins. If your only admin leaves the firm, is on vacation, or becomes unavailable, no one else can manage user access, add team members, or handle urgent access requests. Having backup admins ensures continuity.
- Remove Access Immediately: Remove dashboard access the same day someone leaves your firm or changes roles. Delayed removal creates security risks, especially for departing employees who may still have access to confidential materials through email links or saved login credentials.
- Conduct Regular Audits: Schedule regular reviews to:
  - Remove accounts for departed employees
  - Update permissions for users whose roles have changed
  - Verify Case Admins are still appropriate for their assigned cases
  - Review your most sensitive cases to ensure access is still properly restricted
- Document Access Decisions: Keep a simple record of who requested case access and why. This documentation helps during audits, supports your security policies, and provides a clear trail if access decisions are questioned.
- Start with Sensitive Cases First: When implementing RBAC, begin by restricting your 3-5 most confidential cases rather than trying to configure everything at once.
- Train All Admins: Ensure they know how to handle common scenarios like adding new users, employee departures, and confidential case setup.
Need help implementing these practices? Contact your Steno Account Manager at concierge@steno.com for guidance tailored to your firm's specific security requirements.