Search
Close this search box.
Contact Us

Discreet’s Demo Walkthrough

Discreet User Types and Roles

There are four different types of users supported by Discreet, each with different roles.

1. Discreet System Administrator (SA)

SAs are responsible for the following:

  • Creating and and removing users as well as setting user privileges.
  • SAs can create users of any of the four types of users, but they do not possess encryption keys and do not have access to any encryption related functionality.
  • Users who are created as SAs cannot assume any other role.

2. Discreet Authorized User (AU)

An AU is a user who is authorized to have access to the encryption keys corresponding to a Data Object Type (DOT).

3. Discreet Data Object Type Manager (DOTM)

DOTMs have the following privileges:

  • DOTMs are users who are authorized to create new DOTs. Whenever a new DOT is created, the creator becomes the Data Object Type Manager (DOTM) for that DOT.
  • A DOTM may authorize other Discreet Authorized Users (AUs) and DOTMs to access the encryption keys for the DOT.
  • DOTMs can act as AUs for other DOTs not managed by them.
  • DOTMs may only be designated for DOTs for which they are authorized.
  • It is possible to change AU to DOTM and vice versa, by setting the privileges.

4. Discreet Security Officer (SO)

SOs have the following roles:

  • In case no authorized users of a DOT are available and access to the data of that type is needed, the SOs can authorize a new user to access the keys of that DOT.
  • If a user loses their login credentials, SOs can reset the password by following the necessary protocols.

Setting Up Discreet

There are five fundamental steps to set up the discreet system.
These steps pertain to creating/registering the two basic entity types (DOTS and Users) and authorizing/enabling users to access encryption keys.

Step - 1
Step - 1

Creating and activating the Security Officers (SOs)

  • The first step is to assign and create the Security Officers (SO).
  • The system administrator creates the SOs and assigns a User Name and Password to them.
  • The SOs activate themselves by logging-in using the given ID and password and then generating a new password.
  • The SA is basically responsible for launching the entire Discreet system
Step - 2
Step - 2

Creating and activating the users

  • After the completion of step-1, system administrator creates a new user and assigns a User Name and Password to the user.
  • The user activates himself/herself by logging-in using the given ID and password and then generating a new password.
Step - 3
Step - 3

Creating a DOT and associating a user with the corresponding encryption keys

  • Creation of Data Object Type (DOT) in the system begins the process of generating and storing keys corresponding to them.
  • A user who creates a DOT is assigned the DOTM role, thereby enabling them to encrypt/decrypt data of this type and authorize other users to access the keys.
  • Each DOT has at least one user who is the DOTM and is authorized to encrypt/decrypt data of this type.
Step - 4
Step - 4

Accessing the encryption keys

  • An encryption key must first be retrieved before decrypting/encrypting a data element.
  • When Data Encryption Keys (DEK) are retrieved, DOT can be encrypted/decrypted.
Step - 5
Step - 5

Enabling an additional user to access encryption keys

  • Only the Discreet Data Object Type Managers (DOTMs) can grant access to an additional user for a specific DOT

Discreet In Action

In order to demonstrate how Discreet works, let’s take an example of a hypothetical company ‘AxsKey Inc.’

The following is a fictitious organization chart for AxsKey Inc.

Organization Chart for AxsKey Inc.

The four different types of users are shown on the above chart, as explained in Discreet User Types And Roles.

The following examples show how Discreet can be utilized:

1. Uploading the Assets

There are two ways of uploading the assets:

By the System Admin (SA):
  • An asset can be uploaded by the SA by clicking on ‘Load Data’ and then selecting its location.
  • When an asset is uploaded, the SA can then assign users with DOTM level privileges as its DOTM.
By the Data Object Type Manager (DOTM):
  • DOTMs are also able to add assets and folders to their assigned folders.
  • To add the asset, navigate to the desired folder and then click on the ‘Vertical Dots Icon’.
  • Once you have selected a folder or an asset, click OK.
2. Managing the Assets

A CEO and department head can provide DOTM or AU level access to their subordinates.

  • To provide the user access, click on the ‘Plus User Icon’ after navigating to the desired folder.
  • Once you have added the user and given them appropriate rights, click OK.
3. Roles of DOTM

Department heads are assigned as DOTM for their respective departments, and they have the option to revoke or limit the CEO’s access to any asset under their department.

DOTM can then assign their subordinates as AU or DOTM as per the requirement.

In addition, DoTM can also provide cross-departmental access to other departments’ employees.

4. Roles of AU

Authorized Users (AUs) can only access the folder/assets assigned to them by DOTM.

AUs cannot add any asset/folder, they can only view/edit the assets assigned to them by DOTM.

AU cannot also assign another user to their assets.

5. Providing access to external users (Partners/Clients)

System Admin (SA) can create a client/partner account as AU.

The client/partner is then required to change the password to activate their account.

DOTM can share any asset with the client/partner providing them with Read or Write access.

The client/partner cannot share the asset with anyone else.

6. What happens when a user loses their password or he/she is not reachable?

In case no authorized users of a DOT are available or if a user loses their login credentials, SOs can transfer the rights to another user or reset the password by following the necessary protocols.

One of the SO needs to log in and initiate the Reset User Password or Transfer Assets protocol. SO then assigns another SO to complete the protocol. 

The second SO then logs in to their account and completes the process.

7. What happens when a security officer (SO) is not available?

In case a SO is not reachable or if he/she has left the organization, the available SOs can assign another user as a SO by following the similar protocols as explained in the previous step.

Abbreviations:

SA – Discreet System Administrator

AU –  Discreet Authorized User

DOTM – Discreet Data Object Type Manager

SO –  Discreet Security Officer

DOT – Data Object Type

DEK – Data Encryption Keys

KEK – Key Encryption Keys

Discreet Edge LLC

2073 Poinsettia St, San Ramon, CA 94582

hello@discreetedge.com

Company
Quick links
Follow us
© 2024 Discreet Edge LLC. All rights reserved​

Made with ❤️️ by Digilistics