system:inmation offers many different features and functionalities to ensure security of your system and data. It is designed to be secure by default at installation and then grants administrators a high level of control in controlling system access, script execution and secure communication across the entire system infrastructure.

Secure Access

Secure access is controlled by Administrators through the Access Model in DataStudio. Here, Profiles are created, from which access to all facets of the system can be controlled and configured. Profile configuration can grant access to the different system models and how the profile can be used by APIs and clients accessing the system through different communication protocols. Profile permissions can also be configured for different object levels in the system through object level security.

The system also allows Windows Authentication to be used to access the system. The User and User Group objects map onto Windows User and Group accounts. They are created below Profile objects, so permissions are assigned in the same way.

All credentials must also follow the system Password Policy.

Secure Communication

Communication between components is encrypted by default on installation (TLS -SRP). The configuration of the inter-component communication can be further configured after installation with different encryption options. More information about the communication between components can be found in the dedicated Secure Communication section of the documentation.

Secure Script Execution

The system offers two different approaches to the security of script execution: the generous Legacy Mode and Strict Mode on the other hand. Which approach the system applies, is configured in the Core using the Lua Security Mode property.

In Legacy Mode, all Lua scripts can access all objects by default. In this Security Mode, Security Perimeter objects can be used to limit the context in which a Lua script running on a system object can access other objects.
In Strict Mode, Lua scripts can not access any objects by default. Appropriate access rights for each object need to be explicitly granted to the script. Script Profile objects allow the bundling of permissions.

More information about the security options for script execution can be found in Lua Security.