Better Access Control with Less Configuration: Ownership
- By Andrew Mitchell
- Published on January 26, 2017
A major pillar of security is access control. It doesn't matter how strong your encryption is if your access control rules are too broad and you unintentionally give the wrong user access to too much information. At TrueVault, we strive to make it easy for you to build a secure product from top to bottom. This means that it's not enough for us to put your data in an iron-clad vault; we also need to help you precisely control access to each record.
When we spot common usage patterns, we do our best to update our API to enable that usage in the most secure way possible. Today we're announcing the release of a new way to express access control in TrueVault: Ownership. Simply put, Ownership allows you to restrict access to Documents and BLOBs based on their Owner. For example, if you work with patients and doctors, you might want to ensure that each patient can only see his own records, while each doctor can see all records for any of her patients. The Ownership feature makes it simple and easy to express this type of access control, and much more.
You can dig into the API documentation directly, or take the scenic route through our ownership tutorial.
As always, we encourage you to visit our discussion forum where you can ask questions and get help from the TrueVault community.