Data Access Control¶
The data access control measures in Securden ensure that after successful authentication, users get access only to the passwords that are allotted to them after successful authentication. They won't get to know about the accounts that are not related to their job profile. Besides, granular permissions determine the level of control over the passwords accessed.
Well-defined ownership¶
By default, the person who adds an account is designated as the owner of the account. This way, all accounts have well-defined ownership. No account is allowed to be left an orphan. When a user leaves the organization, the ownership has to be transferred to some other user. The security issues arising out of orphaned accounts are mitigated.
Folders as 'Micro Vaults'¶
Accounts can be grouped as folders, which are like 'micro vaults.' Each such micro vault can be granularly shared with the members of a group. For example, all Windows accounts can be grouped as a folder, and it can be shared with the 'Windows Administrators' group with granular privileges. When a new device gets added to the folder, it becomes available to the group and vice-versa.
Just-in-time access with release controls¶
Securden offers provision for ensuring just-in-time access to sensitive devices through password/access release controls. Users will have to raise a request, which is approved by administrators for time-limited access. At the end of the access period, the password can be automatically randomized.
Design Highlights
- Data Access Control
- Access control is intrinsically linked with user roles.
- Workflow-based release controls.