Skip to content

Data Access Control

The data access control measures in Securden ensure that after successful authentication, users get access only to the passwords that are allocated to them after successful authentication. They won’t get to know about the accounts that are not related to their job profile. Besides, granular permissions determine the level of control over the passwords accessed

Well-defined ownership

By default, the person who adds an account is designated as the owner of the account. This way, all accounts have well-defined ownership. No account is allowed to be left an orphan. When a user leaves the organization, the ownership has to be transferred to some other user. The security issues arising out of orphaned accounts are mitigated.

Folders as ‘Micro Vaults’

Accounts can be grouped as folders, which are like ‘micro vaults’. Each such micro vault can be granularly shared with the members of a group. For example, all Windows accounts can be grouped as a folder, and it can be shared with the ‘Windows Administrators’ group with granular privileges. When a new device gets added to the folder, it becomes available to the group and vice-versa.

Just-in-time access with release controls

Securden offers provision for ensuring just-in-time access to sensitive devices through password/access release controls. Users will have to raise a request, which is approved by administrators for time-limited access. At the end of the access period, the password can be automatically randomised.

Design Highlights

Data Access Control

  • Access control is intrinsically linked with user roles.
  • Well-defined ownership for accounts
  • Workflow-based release controls