System Administration
APEX Cloud Apps implements fine-grained, role-based database level security access to documents, data and applications that ensures individuals can only access resources explicitly authorized by the System Administrator
Database level audit tracking captures all relevant transactions for activity analysis and management reporting and prompts ad-hoc email notification alerts when necessary
“A data-centric environment secures information at a granular level using zero trust architecture”
Security model
The default configuration for security identifies the following six levels:
- Public
- Official
- Official Sensitive
- Clearance Restricted
- Confidential
- Secret
Security levels are applicable to Users, Roles, Folders, Documents, Data and Applications
The Security Model is implemented using the System Administrator function which also creates and manages effectively unlimited numbers of Users, Roles and Folders.
Throughout the application database level audit tracking records every transaction.
Audit enquiries and reports are available to Roles possessing the appropriate security access
Data access
Database table row level access is also controlled by the System Administrator using both hierarchical and relational value sets: Roles that are associated with these value sets determine whether Users assigned to them can see rows containing those values.
Database column access is controlled using an obfuscation option which asterisks data for specified roles – simple to implement but totally effective in practice
Who guards the guards?
If the System Administrator upgrades a user’s security level then database level triggers initiate email notifications to all users at the new security level with details of the new person joining them and details of the System Administrator who made the change
Similarly, when a user’s role access is changed, all users in the new role are notified about the new member and who made the change