
Example Password Vault PEP

Password Vault Policy Enforcement Point

Use case example

We want to define a policy to restrict access to the Soffid Password Vault.

Users who are assigned the SOFFID_ADMIN role (from this point forward: end-users) will be restricted in the actions they can perform on the folder "demoFolder" of the Soffid Password Vault:

  1. End-users will only be able to access the accounts in that folder during working hours. Access will be denied otherwise.

Policy set

First of all, we define a policy set, which can contain other policy sets and policies.

image-1628240486192.png

 

Policy set 2

Then, we create another policy set as a child of the first one to manage the folder and to define the subject, in this case users with the SOFFID_ADMIN role assigned.

image-1628240781296.png

That policy set will contain the policies.

image-1628240820879.png

Policies

Policy 1

End-users will only be able to access the accounts in that folder during working hours. Access will be denied otherwise.

image-1628240889871.png

Rule 

We define the rule that permits access to the end-user.

image-1628241172154.png

And we define another rule to deny access.

image-1628241209362.png
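The decision logic of this policy set, modelled in Python as an added example (it is not Soffid code and not the contents of the downloadable XML). The working hours (08:00 to 17:00, Monday to Friday), the first-applicable rule ordering, and all function and field names are assumptions made for illustration.

```python
from datetime import datetime, time

# Assumed values: the page states neither the working hours nor the
# rule-combining algorithm; both are illustrative choices.
WORK_START, WORK_END = time(8, 0), time(17, 0)
WORKDAYS = range(0, 5)  # Monday..Friday

def target_matches(request):
    """Policy set 2 target: subjects with SOFFID_ADMIN acting on demoFolder."""
    return ("SOFFID_ADMIN" in request["roles"]
            and request["folder"] == "demoFolder")

def permit_rule(request):
    """Permit rule: applies only inside working hours."""
    now = request["when"]
    in_hours = (now.weekday() in WORKDAYS
                and WORK_START <= now.time() < WORK_END)
    return "Permit" if in_hours else None  # None = rule not applicable

def deny_rule(request):
    """Deny rule: unconditional, catches what the permit rule skipped."""
    return "Deny"

def evaluate(request, rules=(permit_rule, deny_rule)):
    """First-applicable combining: the first rule with a decision wins."""
    if not target_matches(request):
        return "NotApplicable"  # the policy says nothing about this request
    for rule in rules:
        decision = rule(request)
        if decision is not None:
            return decision
    return "NotApplicable"

def make_request(roles, folder, when):
    """Build a constructed sample request (hypothetical field names)."""
    return {"roles": set(roles), "folder": folder, "when": when}

if __name__ == "__main__":
    samples = [  # constructed sample requests
        make_request(["SOFFID_ADMIN"], "demoFolder", datetime(2021, 8, 6, 10, 0)),
        make_request(["SOFFID_ADMIN"], "demoFolder", datetime(2021, 8, 6, 22, 0)),
        make_request(["SOFFID_USER"], "demoFolder", datetime(2021, 8, 6, 22, 0)),
    ]
    for r in samples:
        print(sorted(r["roles"]), r["when"].isoformat(), "->", evaluate(r))
```

A subject without the SOFFID_ADMIN role gets NotApplicable rather than Deny, so this policy set alone does not restrict other users. With first-applicable ordering, placing the deny rule before the permit rule would deny every request.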

Download XML

You can download an XML file with the example: policy-demoFolder.xml

Configure PEP

image-1628239716307.png