Skip to main content

Managed Accounts with Impersonation

Managed Users - Private Containers

In this model, private containers are still set up by a participant, but the system owner has access to private keys and can utilize these to access content. This access allows administrators to "impersonate" users when necessary, to access information stored in these containers. It is suited to environments that require stricter oversight, but do not necessitate regular content modification.

Such a setup requires the system owner to generate and store all Private Keys in a safe place and use them only in extreme situations. Since the users still create their containers, only impersonation (using participant's Private Key) can grant full access to the container content.

System Roles

The table below outlines system roles in this scenario:

ApplicationApplication ServerPrivMX Bridge
Generating Users' Key Pair
Storing Users' Private Keys
Storing Users' Public Keys
Registering Users' Public Keys in Bridge
Creating and managing containers
Managing System Owner's Public Key
Storing always encrypted data

Example Applications

  • Data Management in Healthcare: Hospitals may require administrators to access patient records or test results during emergencies, where key management enables rapid access without direct user involvement.
  • Compliance in Financial Systems: Financial institutions may need administrators to monitor client resources to comply with regulatory standards, ensuring the information remains auditable.