
1. Overview

PSS-08 Roles and Rights Framework

Designation Standard
PSS-08.01B The cloud service provided comprises a roles and rights framework for users of the cloud service customer. This framework allows users to manage their own access rights. It describes access rights and roles for the functions provided by the cloud service. Cloud service customers can configure relevant access control parameters themselves.

In IaaS, a roles and rights framework would describe, among other things, the access rights and roles for the following functions of the cloud service:

1. Administration of the states of virtual machines (start, pause, stop) as well as for their migration or monitoring;
2. Management of available images that can be used to create virtual machines; and
3. Management of virtual networks (e.g. configuration of virtual routers and switches).
PSS-08.02B The access rights and roles are suitable for enabling users of the cloud service customer to manage access authorisations and permissions in accordance with the principle of least privilege and as necessary for the performance of tasks ('need-to-know principle'), and to implement the principle of functional separation between operational and controlling functions ('segregation of duties').
PSS-08.03B The cloud service provided is equipped with a functionality to help cloud service customers review user access rights under their responsibility.

This functionality can, for example, include obtaining a list of all roles and accesses the cloud service customer has activated and when they were last changed.
PSS-08.04B In case the cloud service includes the management of customer identities, for a given customer identity, the cloud service provided is equipped with a functionality to provide the list of access rights currently granted to that identity according to the contractual terms.
PSS-08 Supplementary Information - Complementary Customer Criteria Cloud service customers ensure with suitable controls that:

1. They actively utilise the roles and rights framework and accompanying functionalities offered by the cloud service provider;
2. The granting of permissions to users in their area of responsibility is subject to authorisation; and
3. The appropriateness of the assigned authorisations is regularly reviewed and authorisations are adjusted or withdrawn in a timely manner in the event of necessary changes (e.g. personnel resignation).

1.1 References

1.2 Identified Requirements

1.2 Related Regulation

2. Identified Requirements

Requirements
Source Requirement

3. Related Regulations

Regulations
Source Regulation