Daml Entitlements - Are they really needed or one more access approval request to raise?

If you are reading this article, you have probably come across terms such as entitlements, access management, or authorized access. Did you ever wonder why you can access some information but get Access Denied for other information? The answer lies within your entitlement: simply your ability to access privileged information. You may be privy to sensitive information for a variety of reasons, such as your role in the organization, your involvement in a process, or simply being part of the larger organization. Each and every access that you have contributes towards your entitlement, and vice versa.

However, there are times when these entitlements are not enforced correctly and a person gets access to a level of information that they should not be privy to. This can result from poor entitlement management systems, improper approval processes, or a lack of governance around access management. In such cases the company's organizational risk increases, and if the necessary actions are not taken in time it can put the company's reputation at risk.

To combat the various problems around privileged access and entitlements as a whole, an organization should adopt a holistic approach that encompasses privileged access management, segregation of duties, and periodic access reviews. These measures, along with the principle of least privilege, provide a stronger foundation for Identity and Access Management, help maintain appropriate entitlements organization-wide, and safeguard against external threats.

Figure: the principle of least privilege provides a stronger foundation for Identity and Access Management.

As technology evolves and our reliance on it continues to increase, there is a need for an overall solution to the problems with existing Identity and Access Management solutions: one that covers user access requests according to an organization's entitlement strategy, supports a tiered approval process, reconciles entitlements, and reviews and recertifies existing access. Together these criteria form the three pillars of a successful IAM solution and offer benefits such as strong technology adoption, a centralized repository for access, and reduced risk from emerging technology.

Distributed Ledger Technology (DLT) presents a potential solution, but on its own it does not provide the required verifiability and semantics. However, with Daml, the open source smart contract language for rights and obligations, entitlements are handled right out of the box. Daml offers immutable smart contracts in which user roles such as signatories, observers, and controllers, together with the actions each may take, are defined as part of the contract. This lays the groundwork for segregation of duties and access management, and also takes care of the approval process. Moreover, any change to an existing contract or to a role definition inherently requires approval from all participants.

Here is an example of entitlements using Daml in which we define three users: a developer, a lead, and a manager. We also define roles for each of these users according to the segregation of duties guideline: if a developer has started writing code, any review must be done by a manager or by someone other than the developer who wrote it. Because Daml is easy to follow and understand, this enables greater participation from people across an organization in creating Daml-driven entitlements.
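As an added illustration (not the example from the original post, which is not reproduced on this page), the developer/lead/manager rule described above written as a Daml template, with a Daml Script that checks it; the template names, the `ensure` clause, and the party names are assumptions of this example:

```daml
module Entitlements where

import Daml.Script

-- Code submitted by a developer. The lead and manager are observers, so they
-- can see the submission, but only a party other than the author may review it.
template CodeSubmission
  with
    developer : Party
    lead      : Party
    manager   : Party
    code      : Text
  where
    signatory developer
    observer lead, manager
    -- Roles must be held by distinct parties, otherwise the contract cannot exist
    ensure developer /= lead && developer /= manager

    choice Review : ContractId ReviewedCode
      with
        reviewer : Party
      controller reviewer
      do
        -- Segregation of duties: the reviewer must hold an entitled role and must never be the author
        assertMsg "Reviewer must be the lead or the manager"
          (reviewer == lead || reviewer == manager)
        assertMsg "Developer cannot review their own code" (reviewer /= developer)
        create ReviewedCode with developer; reviewer; code

-- The reviewed result is signed by both the author and the reviewer
template ReviewedCode
  with
    developer : Party
    reviewer  : Party
    code      : Text
  where
    signatory developer, reviewer

-- Daml Script with constructed party names exercising the rule
entitlementsTest : Script ()
entitlementsTest = do
  dev <- allocateParty "Developer"
  ld  <- allocateParty "Lead"
  mgr <- allocateParty "Manager"
  cid <- submit dev do
    createCmd CodeSubmission with developer = dev; lead = ld; manager = mgr; code = "fn main() {}"
  -- The author reviewing their own submission is rejected by the ledger
  submitMustFail dev do exerciseCmd cid Review with reviewer = dev
  -- A review by the lead succeeds and yields a ReviewedCode contract
  _ <- submit ld do exerciseCmd cid Review with reviewer = ld
  pure ()
```

Running `entitlementsTest` with `daml script` (or from Daml Studio) shows the self-review being rejected while the lead's review is committed.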

At Digital Asset, we take the security and access control of sensitive information very seriously, and therefore we incorporate best-in-class data and access control principles when designing all our contracts. Moreover, Daml offers full extensibility of these features and makes it easy to adopt access control principles while developing an application.

Daml offers increased transparency and accuracy because it works off a single real-time source of truth. This removes ambiguity and eliminates the need for costly, duplicative reconciliations between systems. Daml-driven solutions are very flexible: they support regulatory change and drive industry standardization with enterprise-grade solutions that reimagine or improve complex multi-tiered entitlement processes. All in all, clearly defined roles and obligations, combined with fine-grained permissions, ensure that information is shared with those who need to know it, when they need it, and how they can act on it. Daml also has a new learn section where you can begin to code online:


Learn Daml online