Example Password Vault PEP
Password Vault Policy Enforcement Point
Use case example 1
We want to define a policy to restrict access to the Soffid Password Vault.
The users who are assigned to the SOFFID_ADMIN role (from this point forward: end-users) will have limitations to perform some actions on the folder "demoFolder" of the Soffid Password Vault
- The end-users only be able to access the accounts of that folder on labor time. The permissions will be denied in another case.
Policy set
First of all, we define a policy set that could contain other policy sets and policies.
Policy set 2
Then, we can create another policy set as a child of the former to manage the folder and to define the subject, in that case, users with SOFFID_ADMIN role assigned.
That policy set will contain the policies.
Policies
Policy 1
The end-users only be able to access the accounts of that folder on labour time. The permissions will be denied in other case.
Rule
We define the rule that permit access to the end-user
And we define other to deny access.
Use case example 2
We want to define a policy to restrict access to the Soffid Password Vault.
The users who are assigned to the SOFFID_ADMIN role (from this point forward: end-users) will have limitations to perform some actions on the folder "demoFolder" of the Soffid Password Vault
- The end-users only be able to access the accounts of that folder on labor time. The permissions will be denied in another case. (Use case example 1)
- To connect there are some obligations to fulfill
Download XML
You can download an XML file with the example: policy-demoFolder.xml