...
With the help of role concepts, special rights can be assigned to or withdrawn from individual team members within our systems. The roles are divided into users, referrers, and administrators, the latter having extended rights to change settings and configurations. When assigning rights, we recommend the principle of least privilege (minimum rights): as few rights as possible, and only as many as are absolutely necessary.
...
Administrators are users who have undergone special training on administrator rights and are therefore able to change general settings for the whole system.
The administrator also uses the user group settings to define the permissions for specific user groups. The following settings and permissions can be specified:
No rights (neither create, read nor change)
Display resources and categories
Create, edit and delete templates (resource status, forms, appointment reminders)
Read (read data only)
Create (enter data)
Change (enter, edit and delete data)
All rights (full access to data)
These rights can be assigned differently for each area in the portal or for each module. Different roles can also be created so that users with the same tasks can be assigned the same rights quickly and easily.
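The permission model described above, modelled as an added example (not the product's own code): data rights are ordered as a ladder so that a higher level includes the lower ones (that ordering is an assumption), roles map modules to a right, and a least-privilege review lists where a role holds more than its tasks need. Role and module names are constructed.

```python
from enum import IntEnum


class DataRight(IntEnum):
    """Data permission levels from the user-group settings.
    Ordering so that a higher level includes everything below it is an assumption."""
    NONE = 0    # neither create, read nor change
    READ = 1    # read data only
    CREATE = 2  # enter data
    CHANGE = 3  # enter, edit and delete data
    ALL = 4     # full access to data


# Action -> minimum level that permits it (actions taken from the list above).
REQUIRED = {
    "read": DataRight.READ,
    "create": DataRight.CREATE,
    "edit": DataRight.CHANGE,
    "delete": DataRight.CHANGE,
}

# Role -> module -> granted right. Constructed sample roles and modules;
# a module that is not listed for a role is treated as "No rights".
ROLES = {
    "front_desk": {"appointments": DataRight.CHANGE, "customers": DataRight.READ},
    "referrer":   {"appointments": DataRight.CREATE},
    "admin":      {"appointments": DataRight.ALL, "customers": DataRight.ALL},
}


def has_right(role: str, module: str, action: str) -> bool:
    """Deny by default: unknown roles, modules or actions get no access."""
    required = REQUIRED.get(action)
    if required is None:
        return False
    granted = ROLES.get(role, {}).get(module, DataRight.NONE)
    return granted >= required


def excess_rights(role: str, needed: dict) -> dict:
    """Least-privilege review: modules where the role holds more than its
    tasks need, returned as module -> (granted, needed)."""
    return {
        module: (granted, needed.get(module, DataRight.NONE))
        for module, granted in ROLES.get(role, {}).items()
        if granted > needed.get(module, DataRight.NONE)
    }
```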
General Recommendations
For the secure use of our system, we strongly recommend abiding by the following principles to protect the login. The most important of these are:
Strong Passwords
Passwords should be chosen so that they are difficult to compromise. We recommend following the advice from the BSI on choosing secure passwords. Our system enforces some of these rules. Nonetheless, we recommend that our customers choose secure passwords that match their own security requirements.
See the article from BSI: Sichere Passwörter erstellen (English here)
Blocking of Users
We also protect against unauthorized access by automatically blocking the login after several invalid login attempts. The administrator can also block inactive users at any time or completely delete user logins that are no longer required.
It is also possible for the administrator to force a change of a user's password. This then happens in a dedicated way.
Access Control via IP Restrictions
Access control can also be set up by restricting access to individual IP addresses or network ranges. This allows access exclusively from a known and confirmed environment and at the same time prevents unauthorized access from elsewhere.
Multi-factor Authentication
...