Detailed, granular access rights allow you to configure the exact user permissions you need to support segregation of duties, rule of least privilege, and organizational security standards.
Control your organizational security policies
Rocket® Servergraph supports integration with Microsoft Active Directory for user account and access rights management. This allows your organizational security policies, including password and other authentication standards, to apply to Servergraph application access.
Within the application, Servergraph offers detailed, customizable role-based access permissions that can be associated with your various users and backup systems. Each user can be assigned to one or more “Scopes” that grant access to specific backup processes, devices, reports, and functions. This allows you to restrict users to only the data and actions necessary to perform their job function, and supports specialized roles such as application administrator, report reviewer, or auditor, all of which can be further restricted to only certain elements of your backup environment.
System administration is further segregated from the application and is only accessible to users with the administrative maintenance client application.
Build upon your back-end access rights with Rocket API
When Rocket® API calls your mainframe, it is restricted by access permissions the mainframe grants. But you can enhance and expand upon those access control capabilities by adding Rocket API’s application-layer access security.
Rocket API allows you to configure more-detailed access rights than may be available from your mainframe. You can restrict specific API calls by user, by function, by data being accessed, and more. These capabilities can help you achieve specific security and compliance criteria by further defining what type of access is authorized and denying unauthorized access attempts.
Extend your mainframe access controls to the web with LegaSuite
Rocket® LegaSuite Web provides an interface between your website and your mainframe, extending all of the user credentials, access rights and detailed permissions, and authentication mechanisms defined by your mainframe to the web platform. LegaSuite Web also provides capabilities to further restrict access by limiting the data values and form types that are presented to users based on the context of the web application.
Leverage your host system’s access security features
Rocket Mainstar and OpenTech solutions utilize the native TSO function of your IBM Z environment to manage user credentials and all of their associated access rights through the Security Authorization Facility (SAF). All user authentication controls are also inherited from the IBM Z environment. This eliminates the need for you to manage and maintain separate access control lists for Mainstar and OpenTech solutions, and provides assurance that system users cannot bypass any access restrictions enforced through SAF.
Remotely access your host system credentials
Rocket® BlueZone allows clients to communicate with back-end host systems using existing user credentials and authorities for the logged-in user. BlueZone cannot provide any capability for data access that is not already specifically authorized within your host system operating system.
For environments where an additional layer of security and authentication is needed between clients and backend hosts, BlueZone also makes available a Security Server that can act as a secure proxy. The Security Server supports strong authentication requirements or direct integration with Active Directory or RSA for user access management.