Constraints

Understand the creation and management of JITPBAC Constraints for secure access control.

Overview of Constraints

In Just-in-Time Purpose-Based Access Control (JITPBAC), a Constraint specifies explicit rules or conditions that restrict access for identities within cloud and SaaS environments. A Constraint is the opposite of a Purpose. A Purpose is a defined set of employees and entities (such as connections and resources) that indicates which users are permitted to access, or request access to, those entities. A Constraint is likewise a set of employees and entities, but it explicitly prohibits access to the specified entities. In essence, a Constraint is a security policy that enforces denial of access, ensuring robust access control and data protection.

Constraint Lifecycle

  1. Creation: A Constraint is established by specifying the employees who should be denied access, together with the connections and resources they should be denied access to.

  2. Usage: A Constraint is enforced whenever a user included in it attempts to request access to a Purpose that contains any restricted entities. The Constraint prevents those users from requesting or gaining access to any of the entities it defines, even if only one of them is present in the Purpose being requested.

  3. Updates: Administrators can modify Constraint parameters at any time to address evolving security risks or changing organizational requirements.
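The enforcement rule from the Usage step, and a conflict audit an administrator might run after the Updates step, sketched as an added example (not the product's own code or API). The `Policy` shape, the decision labels, the sample names, and the reading that one shared entity denies the whole request are assumptions of this model.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Policy:
    """Shape shared by a Purpose and a Constraint: employees plus entities."""
    name: str
    employees: frozenset
    entities: frozenset  # connections and resources

def evaluate_request(user, purpose, constraints):
    """Return (decision, hits) for a user requesting a Purpose.

    hits maps each matching Constraint name to the restricted entities
    it shares with the Purpose. One shared entity is enough to deny.
    """
    if user not in purpose.employees:
        return "not_eligible", {}
    hits = {}
    for c in constraints:
        overlap = purpose.entities & c.entities
        if user in c.employees and overlap:
            hits[c.name] = sorted(overlap)
    return ("denied" if hits else "requestable"), hits

def audit_conflicts(purposes, constraints):
    """List Purpose members who cannot request it because of a Constraint."""
    rows = []
    for p in purposes:
        for user in sorted(p.employees):
            _, hits = evaluate_request(user, p, constraints)
            rows.extend((p.name, user, c, ents) for c, ents in hits.items())
    return rows

# Constructed sample data (hypothetical names)
PURPOSES = [
    Policy("prod-db-maintenance", frozenset({"alice", "bob"}),
           frozenset({"aws-prod", "rds-orders", "s3-logs"})),
    Policy("log-review", frozenset({"bob", "carol"}), frozenset({"s3-logs"})),
]
CONSTRAINTS = [
    Policy("contractors-no-orders", frozenset({"bob"}),
           frozenset({"rds-orders", "rds-billing"})),
]

if __name__ == "__main__":
    for p in PURPOSES:
        for user in sorted(p.employees):
            print(p.name, user, *evaluate_request(user, p, CONSTRAINTS))
    print(audit_conflicts(PURPOSES, CONSTRAINTS))
```

The audit output shows where a Purpose and a Constraint disagree about the same employee, which is worth reviewing whenever either one is edited.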
