From the PCI DSS:
This requirement ensures critical data can only be accessed by authorized personnel.
PCI DSS Requirement |
How Requirement is Addressed with EFT Server |
7.1 Limit access to computing resources and cardholder information only to those individuals whose job requires such access. |
Each user account defined in EFT Server inherits settings from the User Setting Level, or you can define settings specific to a user. Permission Groups set user virtual file system (VFS) permissions to folders. You can enable and disable user access to EFT Server resources by user, Group, User Setting Level, Site, and Server. You can also grant or deny access by IP address. |
7.2 Establish a mechanism for systems with multiple users that restricts access based on a user’s need to know. |
EFT Server provides groups, virtual folders, and settings templates for segregating and controlling user access. In addition, delegated administrators or help-desk users can be granted varying levels of control over server settings and resources. |