Skip to main content

Example Password Vault PEP

Password Vault Policy Enforcement Point

Use case example 1

We want to define a policy to restrict access to the Soffid Password Vault.

The users who are assigned to the SOFFID_ADMIN role (from this point forward: end-users) will have limitations to perform some actions on the folder "demoFolder" of the Soffid Password Vault

  1. The end-users only be able to access the accounts of that folder on labour time. The permissions will be denied in other case.

Policy set

First of all, we define a policy set which could contain another policy sets and policies.

image-1628240486192.png

 

Policy set 2

Then, we can create another policy set as child of the former to manage the folder and to define the subject, in that case users with SOFFID_ADMIN role assigned.

image-1628240781296.png

That policy set will contain the policies.

image-1628240820879.png

Policies

Policy 1

The end-users only be able to access the accounts of that folder on labour time. The permissions will be denied in other case.

image-1628240889871.png

Rule 

We define the rule that permit access to the end-user  

image-1628241172154.png

And we define other to deny access.

image-1628241209362.png

Use case example 2

We want to define a policy to restrict access to the Soffid Password Vault.

The users who are assigned to the SOFFID_ADMIN role (from this point forward: end-users) will have limitations to perform some actions on the folder "demoFolder" of the Soffid Password Vault

  1. The end-users only be able to access the accounts of that folder on labour time. The permissions will be denied in other case. (Use case example 1)
  2. To connect there are some obligations to fulfill

image-1643698970894.png

Download XML

You can download a XML file with the example: policy-demoFolder.xml

Configure PEP

image-1628239716307.png

 

 

 

Back to top