# December 17, 2024

This release includes two new security enhancements to the Fusion platform.

### Restrict Fusion Access to a List of Allowed IPs

You can now restrict the IPs that can access Fusion to provide enhanced security. The allowed IPs restriction applies to both users logging into the Fusion Portal and usage of the API. It applies to both the initial authentication request and all subsequent API calls.

The default, which has not changed, allows any IP. Configure the allowed IP list in **Settings > User Management > Global Security/SSO** to restrict access by a list of allowed IPs.

If an API call is attempted from an IP that is not allowed, the response will be `403: Your IP address ${ip} is outside of access-allowed IPs range`.

See: [Allowed IPs](https://docs.netography.com/docs/global-securitysso-page#5-inbound-ip-allow-list)

### Full CRUD (Create/Read/Update/Delete Permissions) for Roles

You can now remove the **Read** permission from roles in Fusion, providing full CRUD (Create, Read, Update, Delete) access control. This allows you to create a role that do not have any ability to read/view areas of the product at all. Previously, roles could restrict create, update, and delete permissions, but you could not remove read access.

Roles can be modified with the new permissions in **Settings > User Management > Roles**.