Security
Application Layer and User Level Security Options
Ensures Optimum Security for Hosted and Onsite Installations
End User Security enables granular access to just the functions and data each user needs

Security

Overview

Security in xAssets Applications falls into the following areas, User Security, Data Security, Audit Information and Application Security.

Application Security

xAssets Applications are secured using a combination of Sql Server, IIS and NTFS security options. Windows Authentication and Database Authentication are supported at the IIS and Sql Server level. This enables full access to an entire domain for self service or granular access based on the Active Directory Grouping of a User.

Security can also be an issue for Discovery processes. Hosted implementations (and Onsite Implementations) can use one or more local Collection Servers, placed at strategic network points, to facilitate the discovery of local assets using a specific set of credentials.

Browser security is maintained through the use of a sophisticated inter process communication mechanism, enabling security information to be stored against a browser without requiring an encryption of the username or password, since these items are only stored within the server domain or the sql server authentication mechanism. So no passwords are stored in the database and passwords are only sent across the internet in the case of hosted logons running under strong encryption with https/SSL.

Data Security

Data Security for hosted implementations is covered through a comprehensive Backup and Disaster Recovery Plan, which includes backup to multiple geographically distinct sites. Server failover is implemented for all enterprise installations.

Onsite implementations take care of their own backup and Disaster Recovery provisions. xAssets Engineers will help guide customers through the implementation of an effective strategy as part of the deployment process.

All solutions have the option to restrict data for specific user groups. See below.

User Security

User Security is implemented through the user of User Groups. Each group has specific permissions, and can have its own dashboards, menus, queries and reports. Each user group can also have restricted access to data. A query can be imposed on top of any user profile, limiting each users access to data records to just the results of that query, and that can include Sql "Where Clause" conditions.

This enables users to be restricted to just the data records they need.

Self Service profiles can also be implemented within xAssets Applications. This allows end users access to request assets, create and manage their own help desk calls, and manage their own assets, tasks, purchase orders, approvals, maintenance processes and other processes configured to the customers requirements.

Audit Information

The business rules within the xAssets application implement audit history recording as follows:

  • Every change to an asset record is recorded in a history table
  • Full asset history can be viewed from the Audit Information tab in the Asset Entry Screen
  • History tables can be used in Historical Reporting such as the IMACS reports
  • Changes to reference data records record data modified and user modified, on each database table

Configuration Options

To learn more about the functions and features available to IT Asset Management, Cloud Asset Management, Fixed Asset Management, Network Discovery and Enterprise Asset Management customers, Click Here