Access control

[signal]

How is access control handled inside VBR, not just login to the console but internally in the application?
Is some form of discretionary access control (DAC) or mandatory access control (MAC) used?

[veremin]

Can you provide some context for your question, please? Maybe, some problem that you've faced or issue you're trying to solve? Or it's more like "out of curiosity" type of question? Thanks.

[signal]

I'm working with a very security oriented organization and I need to document the security of the software. I've tried to get hold of any previous security assessment documentation, like a Common Criteria security evaluation but have not found any for VBR. If you have anything like that to send me it would make things a lot easier.

I have different requirements for security that I need to document, like compliance with Common Criterea Controlled Access Protection Profile (CAPP), access control (not just authentication when logging in, but how it is enforced in the software), activity logging, data protection (e.g. credentials) and so on.

[Vitaliy S.]

I would suggest to contact your system engineer for these security documents. Our SEs should be able to get this info from our legal department. Thanks!