PAM Access Group
senhasegura has a permission system, where is possible to segregate the actions that a user can perform within the platform. With Access Groups you limit the data that the user can use or see within the module.
Access Groups add another layer of security to ensure the principle of least privilege. Access Groups act as a filter for entities from their properties. This allows the Administrator to deliver different levels of security to the same user within their assignments in each product.
Segregated entities and their properties
All screens that a user has access to display information from privileged entities are filtered by the Access Group. Actions that can be taken also affect these privileged entities.
If the user has more than one access group that gives them access to privileged information, senhasegura will apply the most restrictive group rule.
Restriction levels:
Allows access to information;
Allow access by requiring justification of the requester;
Allow access within a time range and an approver;
Some PAM entities have attributes that can be used as a filter:
Devices properties:
Name of the device to which they belong;
Model of the device to which they belong;
Device tags;
Device site;
Device type;
Credential properties;
Credential username;
Additional credential information;
Credential tags;
Credential type;
By using these combinations of attributes you determine what information a group of users will have access to. Some information allows the use of wildcard or masks.