Security
All software made in the eMPATIX Framework has the following security modes.Role security
Every user can have zero or more roles attached.
The roles control
- Which templates you can view
- Which actions you can run (clicking buttons that changes data)
- Which tables you can not see, which you can see, which you can edit.
Independent from the role security is the fallback security model seeks to minimize damage if role security is compromised.
eMPATIX is spitted into three interfaces
- Internet. Everybody has access by default. Public assess.
- Extranet. Requires login. User can only see information related to the person logged in. eMPATIX checks the context for information belonging to either PersonID or CompanyID of the logged in person.
- Intranet. Requires login. A person is only allowed to log in to the intranet if found in a relationship with the company defined as owning the software according to the concern model. That means if a customer try’s to log in if given role access, they will still be denied login unless separately admitted in the template control mechanisms that is used to secure Intranet access.
- Deny first policy on everything, if security is not specified, you do not have access.
- Templates that are not entered into the security system is not accessible by default.
All activity in eMPATIX are logged and these logs provide detailed information on each transaction and can be sampled for irregularities.
Please read more about: Data Breach