Data Director Implementation Guide

Tips for Designing Security for IDD Usage

Implementing IDD security is an iterative and ongoing process.
To get started, you need to understand the various types of access to resources (objects and operations) that IDD users will need in your IDD application.
In SAM, the role is the core mechanism that determines how much access a user has to IDD resources. SAM is highly configurable and provides granular control over resources. Consider creating a separate role for each unique combination of object and operation access, and assign privileges to that role. Roles can be based on other roles to create layers of expanding privileges. Once the roles are configured, you assign users to the role best suited to their job responsibilities.
This example scenario follows the principle of least privilege: access to resources is granted on an as-needed basis. By default, users have no permissions. You then selectively grant users only those permissions that are required to complete the operations for which they are responsible.
SAM configuration must match the IDD configuration. Whatever you configure in the IDD application, you need to configure SAM to provide sufficient privileges to support the configured IDD functionality.
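
The layering, default-deny and matching rules described above can be checked mechanically. The following Python model is an added example, not part of this guide and not a SAM API; the role names, the resource and the operations are hypothetical and constructed for illustration.

```python
# Added example: constructed model of layered roles. Role, resource and
# operation names are hypothetical, not taken from SAM or a real IDD application.
ROLES = {  # role -> (role it is based on, privileges granted directly)
    "viewer":  (None,     {("Customer", "READ")}),
    "editor":  ("viewer", {("Customer", "UPDATE")}),
    "steward": ("editor", {("Customer", "MERGE"), ("Customer", "DELETE")}),
}

# What each role must be able to do according to the application
# configuration (the IDD side). Constructed for this example.
REQUIRED = {
    "viewer":  {("Customer", "READ")},
    "editor":  {("Customer", "READ"), ("Customer", "UPDATE"), ("Customer", "CREATE")},
    "steward": {("Customer", "READ"), ("Customer", "UPDATE"), ("Customer", "MERGE")},
}

def effective_privileges(role, roles=ROLES):
    """Union of a role's own privileges and those of every role it is based on."""
    granted, seen = set(), set()
    while role is not None:
        if role in seen or role not in roles:
            raise ValueError(f"cycle or unknown role in inheritance chain: {role!r}")
        seen.add(role)
        parent, own = roles[role]
        granted |= own
        role = parent
    return granted

def is_allowed(role, resource, operation, roles=ROLES):
    """Deny by default: allowed only if granted somewhere in the role chain."""
    return (resource, operation) in effective_privileges(role, roles)

def audit(roles=ROLES, required=REQUIRED):
    """Per role: privileges the application needs but the role lacks (missing),
    and privileges the role holds but the application does not need (excess)."""
    report = {}
    for role, needed in required.items():
        granted = effective_privileges(role, roles)
        report[role] = {"missing": needed - granted, "excess": granted - needed}
    return report

if __name__ == "__main__":
    for role, gaps in audit().items():
        print(role, "missing:", sorted(gaps["missing"]), "excess:", sorted(gaps["excess"]))
```

A non-empty `missing` set means the configured application functionality will fail for that role; a non-empty `excess` set marks a grant to review against least privilege.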
