Get Started!

˂ Return to FAQ

Split View and Secret Co-ownership

To comply with specific security policies, maintain regulatory compliance and enforce segregation of duty, it may become a business requirement to ensure that no single user has access to the entire secret, password or parameter within a record. Some refer to this functionality as the “Two-person rule” because it requires one user to retrieve the first part of a password and a second (or more) user to retrieve the remainder, thus requiring two people to construct the full password.

In XTAM, we call this “Split View” and when enabled, the Unlock option will either reveal the first part of the record’s password or the second part based on your configuration. This prevents a single XTAM user from ever being able to Unlock the complete password for a record.

XTAM Split View First Part Example
XTAM Split View Last Part Example

 

To configure Split View in XTAM:

1

Login to XTAM as a System Administrator.

2

Navigate to Administration > Settings > Parameters.

3

Locate the option Split View Role and select one of the available options.

XTAM Split View Admin Configuration

3a

Disabled: When selected, the Split View functionality is disabled.

3b

First Part: When selected, the users assigned the Global Role Split View will reveal only the first part of the value when using the Unlock option.

3c

Last Part: When selected, the users assigned the Global Role Split View will reveal only the last part of the value when using the Unlock option.

4

Click the Save button for this option.

5

Navigate to Administration > Global Roles

6

Click the Add button, add a Principal(s) and assign the Global Role Split View. Click Select button to complete this role assignment.

XTAM Split View Global Role Assignment

6a

Note that the user(s) or group(s) assigned this role will reveal either the first or last part of the value in the unlocked field. All other XTAM users not assigned this role will reveal the remaining part of the value.

7

Split View is now enabled.

 

To test Split View in XTAM:

1

Login to XTAM as a user with the Global Role Split View.

2

Open a record with a Password field and click the Unlock button.

3

The password will be revealed as shown below.

XTAM Split View First Part Example

Please note that the partial password is displayed by splitting the full value into two equal parts, defining the split with a pipe (|) character, with the remaining concealed password displayed as asterisks (***). The pipe character appears in both halves of the split and is not part of the password itself.

 

4

Logout and then login to XTAM as a user without the Global Role Split View.

5

Open the same record and click the Unlock button.

6

The other portion of the password will now be revealed to this user.

XTAM Split View Last Part Example

7

For comparison, here is the full, non-split, password used in this example. Note the use of the pipe (|) is only to define the split and is not an actual character in the password.

XTAM Split View Complete Password Example

 

For Consideration when Enabling Split View

1

The Split View functionality is only applied to a record’s Unlock option. Editors, Owners and System Administrators will be able to view the full, non-split password in both the Edit and Change History views of the record.

2

When Split View is enabled, it is applied to all XTAM users with at least the Unlock permission to a record.

 
 

Copyright © 2018 Xton Technologies, LLC. All rights reserved.