Role based access control system (RBAC)

StoredSafe has a RBAC consisting of 2 levels of roles and rights.

Firstly there is a System role which can be Read, Write or Admin.
A system Read user cannot create any vaults only access vaults shared with him.
A system Write user can create/modify/delete vaults.
A system Admin can create/disable/modify/delete vaults and users.

Then there is vault roles, Read, Write, Admin.
A vault Read user can only read/decrypt objects.
A vault Write user can create/modify/delete objects.
A vault Admin can create/modify/delete vaults and add/remove new users to the vault.

These 2 different types of roles can mix, so a system Read user can have admin in a vault for instance. A system admin might only have read in a specific vault.

Aside from these there are also capability roles in the system.
- Audit
- UG list
- Changepass
- Active

Audit has the right to use and see the audit log. Export CSVs of audit logs and also audit users to see what objects they have decrypted etc.

UG list has the right to see relations between users and vaults.

Changepass is only a temporary role which enforces a password change on the next logon.

Active, well if the user is active, if not then the user is disabled and cannot log on.