Constraints

Overview of Constraints

In Just-in-Time Purpose-Based Access Control (JITPBAC), a Constraint specifies explicit rules or conditions that restrict access for identities within cloud and SaaS environments. A Constraint functions as the opposite of a Purpose. While a Purpose represents a defined set of employees and entities (such as connections and resources) that indicates which users are permitted to access or request access to those entities, a Constraint similarly involves a set of employees and entities, but explicitly prohibits access to the specified entities. In essence, a Constraint establishes a security policy that enforces denial of access, ensuring robust access control and data protection.

Constraint Lifecycle

1. Creation: A Constraint is established by specifying the connections, resources, and employees for whom access should be denied for the specified entities.

2. Usage: Constraints are enforced whenever a user (included in the Constraint) attempts to request access to a Purpose that contains any restricted entities. The Constraint prevents those users from requesting or gaining access to any of the defined entities, even if only one of them is present within the Purpose being requested.

3. Updates: Administrators can modify Constraint parameters at any time to address evolving security risks or changing organizational requirements.

Relevant Links:

• Create constraint

• Edit constraint

• Delete constraint

• Filtering constraints