Example Password Vault PEP
Password Vault Policy Enforcement Point
Use case example
We want to define a policy to restrict access to the Soffid Password Vault.
The users who are assigned the SOFFID_ADMIN role (from this point forward: end-users) will be limited in the actions they can perform on the folder "demoFolder" of the Soffid Password Vault:
- The end-users will only be able to access the accounts of that folder during labour time. Permission will be denied otherwise.
Policy set
First of all, we define a policy set, which can contain other policy sets and policies.
Policy set 2
Then, we can create another policy set as a child of the former to manage the folder and to define the subject, in this case users with the SOFFID_ADMIN role assigned.
That policy set will contain the policies: one about the time of access and another about specific user restrictions.
Policies
Policy 1
The end-users will only be able to access the accounts of that folder during labour time. Permission will be denied otherwise.
Rule
We define the rule that permits access to the end-user.
Rules
The Labour time rule will allow access between two specific hours.
And we define another rule to deny access.
Policy 2
That policy will define restrictions for a specific user.
Rules
That rule will deny access to a specific user.
That rule will permit access to the other users.
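The decision logic of the two policies above, modelled as a small Python evaluator. This is an added example, not Soffid's code and not the contents of policy-demoFolder.xml. The 08:00-18:00 window, the user name user1 and the combining algorithms (first-applicable inside each policy, deny-overrides between the two policies) are assumptions.

```python
from dataclasses import dataclass
from datetime import time
from typing import Callable

PERMIT, DENY, NOT_APPLICABLE = "Permit", "Deny", "NotApplicable"

@dataclass(frozen=True)
class Request:
    user: str
    roles: frozenset
    folder: str
    now: time

@dataclass(frozen=True)
class Rule:
    effect: str
    condition: Callable[[Request], bool]

def first_applicable(rules, req):
    """Return the effect of the first rule whose condition matches."""
    for rule in rules:
        if rule.condition(req):
            return rule.effect
    return NOT_APPLICABLE

# Assumed values: the page only says "two specific hours" and "a specific user".
LABOUR_START, LABOUR_END = time(8, 0), time(18, 0)
BLOCKED_USER = "user1"

POLICY_1 = [  # Labour time rule, followed by the catch-all deny rule
    Rule(PERMIT, lambda r: LABOUR_START <= r.now < LABOUR_END),
    Rule(DENY, lambda r: True),
]
POLICY_2 = [  # deny one specific user, permit the other users
    Rule(DENY, lambda r: r.user == BLOCKED_USER),
    Rule(PERMIT, lambda r: True),
]

def evaluate(req):
    """Policy set 2: applies to SOFFID_ADMIN subjects accessing demoFolder."""
    if "SOFFID_ADMIN" not in req.roles or req.folder != "demoFolder":
        return NOT_APPLICABLE
    decisions = [first_applicable(p, req) for p in (POLICY_1, POLICY_2)]
    # Deny-overrides (assumed): a Deny from either policy beats a Permit.
    if DENY in decisions:
        return DENY
    return PERMIT if PERMIT in decisions else NOT_APPLICABLE
```

With a permit-overrides combination instead, the blocked user would still get in during labour time through Policy 1, so the combining algorithm chosen for the policy set matters as much as the rules themselves.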
Download XML
You can download an XML file with the example: policy-demoFolder.xml
Configure PEP