- 2 minutes to read
- Print
- DarkLight
- PDF
About calculating the restriction of access groups
- 2 minutes to read
- Print
- DarkLight
- PDF
To add another layer of security to access control, the senhasegura platform implements a priority and restriction calculation for the Access Groups feature. During password view or login requests, the platform calculates these based on the date and time of the vault.
The calculation process
All access groups are represented by eight digits:
- The first group consists of one digit. This is the identifier digit. It will always take the value 1.
- The second group consists of three digits that take on a binary value, 0 or 1, indicating FALSE or TRUE. These are:
- The first digit of this group analyzes the user's permission for the requested action.
- The second digit in this group identifies whether or not the user needs a justification for the action requested.
- The third digit of this group analyzes whether or not the user needs approval to carry out the requested action.
- The calculation of the second group is based on the permissions of each user in each group and also on the time the request is made, as follows:
- If a user cannot perform the requested action, they’ll have the value
000
in this group; if the user can perform the action, they’ll have the value100
in this group. - If the user needs to justify the requested action, they’ll have the value
110
in this group. - If the user needs authorization to perform the requested action, they’ll have the value
111
in this group. - For example, if a user, however, requests an action in a time window that they aren't authorized for, the value of the second group will change. So, suppose a user needs authorization to carry out an action between 13:00 and 17:00; if the user does this request at 14:00, they will have
111
as a value in the second group. Likewise, if this same user carries out this same request at 17:01, he will have110
as a value in the second group.
- If a user cannot perform the requested action, they’ll have the value
- The third group comprises four digits and identifies the access group. This group is the access group ID and will always consist of four digits. For example, if the group ID is 45, this group will consist of the digits
0045
.
The analysis process
The first value to be analyzed will be the second group value. The access groups with the highest value in this group will be applied, as they’re the most restrictive.
Suppose two access groups have the same value in the second group. In that case, the third group will be analyzed, and the lowest value in this third group will indicate which access group will be applied (access, in this case, will be according to the access group with the lowest ID number).