System Administration

APEX Cloud Apps implements fine-grained, role-based, database-level security access to documents, data and applications that ensures individuals can only access resources explicitly authorized by the System Administrator.

Database-level audit tracking captures all relevant transactions for activity analysis and management reporting, and prompts ad-hoc email notification alerts when necessary.

“A data-centric environment secures information at a granular level using zero trust architecture”

Mariel Cooley & Brian Orr, Booz Allen Hamilton

Security model

The default configuration for security identifies the following six levels:

  1. Public
  2. Official
  3. Official Sensitive
  4. Clearance Restricted
  5. Confidential
  6. Secret

Security levels are applicable to Users, Roles, Folders, Documents, Data and Applications.

The Security Model is implemented using the System Administrator function, which also creates and manages effectively unlimited numbers of Users, Roles and Folders.

Throughout the application, database-level audit tracking records every transaction.

Audit enquiries and reports are available to Roles possessing the appropriate security access.

Data access

Database table row-level access is also controlled by the System Administrator using both hierarchical and relational value sets: Roles that are associated with these value sets determine whether Users assigned to them can see rows containing those values.

Database column access is controlled using an obfuscation option which replaces data with asterisks for specified roles: simple to implement but totally effective in practice.

Who guards the guards?

If the System Administrator upgrades a user’s security level then database-level triggers initiate email notifications to all users at the new security level with details of the new person joining them and details of the System Administrator who made the change.

Similarly, when a user’s role access is changed, all users in the new role are notified about the new member and who made the change.
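The notification-on-upgrade control described above can be sketched as a database trigger. This is an added example, not code from APEX Cloud Apps: SQLite stands in for the product's database, and every table, column, trigger and user name is hypothetical, with constructed sample data.

```python
import sqlite3

# The six default levels from the security model above, lowest to highest.
LEVELS = ["Public", "Official", "Official Sensitive",
          "Clearance Restricted", "Confidential", "Secret"]

# Hypothetical schema: table, column and trigger names are illustrative.
SCHEMA = """
CREATE TABLE levels (id INTEGER PRIMARY KEY, name TEXT);
CREATE TABLE users  (name TEXT PRIMARY KEY, email TEXT, sec_level INTEGER,
                     changed_by TEXT);   -- administrator who made the last change
CREATE TABLE audit  (admin TEXT, target TEXT, old_level INTEGER, new_level INTEGER);
CREATE TABLE outbox (recipient TEXT, body TEXT);   -- queued notification emails

CREATE TRIGGER trg_level_upgrade AFTER UPDATE OF sec_level ON users
WHEN NEW.sec_level > OLD.sec_level
BEGIN
    -- The audit row is written by the database, not by application code.
    INSERT INTO audit VALUES (NEW.changed_by, NEW.name, OLD.sec_level, NEW.sec_level);
    -- One message per existing member of the new level.
    INSERT INTO outbox
    SELECT u.email,
           NEW.name || ' joined ' || (SELECT name FROM levels WHERE id = NEW.sec_level)
                    || ', changed by ' || NEW.changed_by
    FROM users u
    WHERE u.sec_level = NEW.sec_level AND u.name <> NEW.name;
END;
"""

def build_db():
    """Create an in-memory database with constructed sample users."""
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    db.executemany("INSERT INTO levels VALUES (?, ?)", list(enumerate(LEVELS, start=1)))
    db.executemany("INSERT INTO users VALUES (?, ?, ?, NULL)", [
        ("alice", "alice@example.test", 6), ("bob", "bob@example.test", 5),
        ("carol", "carol@example.test", 5), ("dave", "dave@example.test", 2)])
    return db

def change_level(db, admin, user, level_name):
    """Apply a level change as `admin`; the trigger decides who gets notified."""
    db.execute("UPDATE users SET sec_level = ?, changed_by = ? WHERE name = ?",
               (LEVELS.index(level_name) + 1, admin, user))

def pending(db):
    """Return queued notifications as (recipient, body) tuples."""
    return db.execute("SELECT recipient, body FROM outbox ORDER BY recipient").fetchall()
```

Because the trigger runs inside the database, an administrator who changes a level through any client still produces the audit row and the peer notifications.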