High Security Settings

High Security Settings provide advanced security options for your instance.

These features are available:

  • Default property values: harden security on your platform by centralizing all critical security settings in one location for management and auditing.
  • Default deny property: provides a security manager property to control the default security behavior for table access.
  • Security Administrator role: provides a role to prevent modification of key security settings and resources. The Security Administrator role is not inherited by the admin role and must be explicitly assigned.
  • Elevated privilege: allows users with the security admin role to operate in the context of a normal user and elevate to a higher security role when needed.
  • Property access control: allows security administrators to set the roles required to read and write properties.
  • Transaction and system logs: these logs are read-only.
  • Access control rules: control what data users can access and how they can access it.

High Security Settings automatically activates the Contextual Security plugin if it is not already active. In addition, Platform Security Settings - High delivers the following settings and features to increase the security of your instance.

Property access control

Two additional columns are created in the Properties [sys_properties] table.

  • read_roles: a comma-separated list of role names that are allowed to read all fields of this property
  • write_roles: a comma-separated list of role names that are allowed to write/modify all fields of this property

Properties listed in the Properties table have read_roles of admin, and write_roles of security_admin. This means that users with the admin role can view and read the property values, but must elevate to the security_admin role to modify them.
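
The following is an added example, not code from the platform or its vendor: a stand-alone JavaScript audit that compares exported Properties [sys_properties] rows against the defaults described above (read_roles of admin, write_roles of security_admin) and reports every deviation. The row objects, the example.property.* names and the function names are assumptions made for illustration.

```javascript
// Baseline taken from the text above: read_roles = admin, write_roles = security_admin.
const EXPECTED = { read_roles: ["admin"], write_roles: ["security_admin"] };

// Split a comma-separated role list, tolerating spaces and empty entries.
function parseRoles(value) {
  return String(value || "")
    .split(",")
    .map((role) => role.trim())
    .filter((role) => role.length > 0);
}

// Return one finding per deviation from the baseline for a single row.
function auditProperty(row) {
  const findings = [];
  for (const column of ["read_roles", "write_roles"]) {
    const actual = parseRoles(row[column]);
    const expected = EXPECTED[column];
    const report = (issue) => findings.push({ name: row.name, column, issue });
    if (actual.length === 0) {
      report("empty role list");
      continue;
    }
    const extra = actual.filter((role) => !expected.includes(role));
    const missing = expected.filter((role) => !actual.includes(role));
    if (extra.length) report("unexpected roles: " + extra.join(","));
    if (missing.length) report("missing roles: " + missing.join(","));
  }
  return findings;
}

// Audit a whole export and return the flat list of findings.
function auditProperties(rows) {
  return rows.flatMap(auditProperty);
}

// Constructed sample rows (hypothetical property names, not real platform data).
const sampleRows = [
  { name: "example.property.a", read_roles: "admin", write_roles: "security_admin" },
  { name: "example.property.b", read_roles: "admin", write_roles: "admin, security_admin" },
  { name: "example.property.c", read_roles: "", write_roles: "security_admin" },
  { name: "example.property.d", read_roles: " admin ", write_roles: "itil" },
];

for (const finding of auditProperties(sampleRows)) {
  console.log(`${finding.name}: ${finding.column}: ${finding.issue}`);
}
```

The audit only reports differences from the stated defaults; it does not model how the platform itself evaluates these columns at access time.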

Notifications

Activation of high security settings also activates security warning messages. The following is an example of a message that appears after an approval.

Figure 1. Security Warning notification