Role delimitation of access
The information in the IT-Enterprise database is of the greatest value to the companies using the system. Safe handling of that information is therefore one of the most important tasks of the IT-Enterprise system.
IT-Enterprise is integrated with the Windows security system. The user only needs to enter a login and password in the domain once, and then receives rights to work in IT-Enterprise on the basis of the Windows account.
The IT-Enterprise system supports two-factor authentication. Two-factor authentication is an additional level of security that ensures that access to the user account can be obtained only by the owner, even if his password has become known to someone else.
As the second factor of authentication, one of the following options can be used:
- Confirmation of a mobile phone number
- Verification of an email address
- Confirmation of a Google Authenticator secret key
When the user logs in to the system, in addition to login and password authentication, the system asks for a code (one-time password) that is delivered by SMS, e-mail or Google Authenticator.
The system keeps many logs. The following logs ensure that all user actions in the IT-Enterprise system are recorded:
- User log. Records who registered in the system and when, which function was used and when it was started, how long the user worked, etc.;
- Directory correction log. Records cascading deletions and replacements in tables when global directories are changed;
- Audit log of changes to database tables;
- System event log. When the specified events occur, a log entry is written. The log used depends on the type of event. For certain events, messages can be sent by e-mail and to the administrator's mobile phone;
- Logs recording all failures and incorrect task completions.
In the IT-Enterprise system, access to data and to data manipulation functions is granted to users on the basis of roles. For each user group (each role), a list of modules available for work is configured, along with the functions of each module: view-only or modification, data filtering, calculation mode limitations, etc. If a module or function is not available to the user, it is not displayed in the user's main menu.
For users and groups, access to functions and calculations is provided according to a schedule. For groups it is possible to create specialized modules and arbitrary menus, adjust existing menus, and add and close functions in the menu.
The work of an individual user in the system can also be parameterized: different users are given different work rules, with access configured to certain features of the system and to certain data (by divisions, groups of resources, accounts, etc.). Access and work rules are likewise configured for different groups (roles).
In addition, individual work rules can be set depending on the computer, that is, the workplace from which the user works with the system.