Example: protecting and isolating confidential information with scopes of authority
The following example illustrates a practical application for defining scopes of authority through roles and resource groups.
Your environment has the following configuration:
- Three protection storage systems named Finance, Engineering, and HumanResources.
- Three asset sources named Payroll, Prototypes, and Investigations.
- Three users named Gurpreet, Lisa, and Eric, all with the Restore Administrator role.
Each named user administers the assets for a different department.
Without resource groups, there is no defined scope of authority. All three users can restore from a backup of any asset source, even if those assets belong to another department and the backups contain confidential information.
To ensure information security, you can define three resource groups: FinDeptRG, EngDeptRG, and HRDeptRG. Now you can use these resource groups to create separate scopes of authority for each user:
Table 1. Resource groups

| Resource group name | Included resources |
|---|---|
| FinDeptRG | Finance, Payroll |
| EngDeptRG | Engineering, Prototypes |
| HRDeptRG | HumanResources, Investigations |
Table 2. Scopes of authority

| User | Role | Scope |
|---|---|---|
| Gurpreet | Restore Administrator | FinDeptRG |
| Gurpreet | User | All assets |
| Lisa | Restore Administrator | EngDeptRG |
| Lisa | User | All assets |
| Eric | Restore Administrator | HRDeptRG |
| Eric | User | All assets |
The three users still share a common role in the same organization. However, the separate scopes prevent a user from acting on resources that belong to another department.
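The following sketch is an added illustration, not product code or a product API. It models the two configurations above and shows that a scope applies to each role assignment rather than to the user as a whole. It assumes that the unscoped case behaves like an All assets scope, that the User role is read-only, and that privileges can be named "view" and "restore"; those names are hypothetical.

```python
# Illustrative model only. Privilege names and the contents of the User role
# are assumptions, not taken from the product.
ROLE_PRIVILEGES = {
    "Restore Administrator": {"view", "restore"},
    "User": {"view"},  # assumed read-only
}
ALL_ASSETS = "All assets"
RESOURCE_GROUPS = {  # Table 1
    "FinDeptRG": {"Finance", "Payroll"},
    "EngDeptRG": {"Engineering", "Prototypes"},
    "HRDeptRG": {"HumanResources", "Investigations"},
}
ASSET_SOURCES = ["Payroll", "Prototypes", "Investigations"]

# Each assignment is (user, role, scope).
UNSCOPED = [(u, "Restore Administrator", ALL_ASSETS)
            for u in ("Gurpreet", "Lisa", "Eric")]
SCOPED = [  # Table 2
    ("Gurpreet", "Restore Administrator", "FinDeptRG"), ("Gurpreet", "User", ALL_ASSETS),
    ("Lisa", "Restore Administrator", "EngDeptRG"), ("Lisa", "User", ALL_ASSETS),
    ("Eric", "Restore Administrator", "HRDeptRG"), ("Eric", "User", ALL_ASSETS),
]

def is_allowed(assignments, user, privilege, resource):
    """True only if one assignment both grants the privilege and covers the resource."""
    for who, role, scope in assignments:
        if who != user or privilege not in ROLE_PRIVILEGES[role]:
            continue
        if scope == ALL_ASSETS or resource in RESOURCE_GROUPS[scope]:
            return True
    return False

def restore_matrix(assignments):
    """Map each asset source to the users who can restore from its backups."""
    users = sorted({who for who, _, _ in assignments})
    return {src: [u for u in users if is_allowed(assignments, u, "restore", src)]
            for src in ASSET_SOURCES}

def overexposed(assignments):
    """Asset sources that more than one user can restore from."""
    return {s: u for s, u in restore_matrix(assignments).items() if len(u) > 1}

if __name__ == "__main__":
    for label, cfg in (("without resource groups", UNSCOPED),
                       ("with resource groups", SCOPED)):
        print(label, restore_matrix(cfg), "overexposed:", overexposed(cfg))
```

Under these assumptions, the All assets scope on the User role does not widen restore access, because the privilege and the scope must come from the same assignment.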