Access Control Policy
Document ID: ISMS-POL-002
Version: 1.1
Effective Date: December 30, 2025
Review Date: December 30, 2026
Classification: Internal
Last Updated: v4.2.0 - Admin Plan Management
1. Purpose#
This policy establishes the requirements for controlling access to anonym.legal systems, applications, and data. It ensures that access is granted based on business need and principle of least privilege.
2. Scope#
This policy covers:
- User account management
- Authentication mechanisms
- Authorization and role-based access
- Plan-based feature access
- API access controls
- Administrative access
3. User Account Management#
3.1 Account Creation#
- Accounts created via self-registration with email verification
- Email verification required before account activation
- Unique email address required per account
3.2 Account Types#
| Account Type | Description | Default Role | Default Plan |
|---|
| Standard User | Self-registered customer | User | Free |
| Paid User | Customer with subscription | Editor | Basic/Pro/Business |
| Administrator | Platform administrator | Admin | Pro |
3.3 Account Deactivation#
- Accounts deactivated after 12 months of inactivity
- Immediate deactivation upon request
- Data retention per privacy policy
4. Authentication#
4.1 Password Requirements#
| Requirement | Value |
|---|
| Minimum Length | 8 characters |
| Uppercase Letters | At least 1 |
| Lowercase Letters | At least 1 |
| Numbers | At least 1 |
| Special Characters | At least 1 |
| Password History | N/A (not enforced) |
| Maximum Age | N/A (no forced rotation) |
4.2 Account Lockout#
| Parameter | Value |
|---|
| Failed Attempts Before Lockout | 5 |
| Lockout Duration | 30 minutes |
| Reset on Success | Yes |
4.3 Multi-Factor Authentication (2FA)#
- Optional for all users
- Supported methods: TOTP (Authenticator app), Email
- Required for Admin accounts (recommended)
4.4 Session Management#
- JWT-based sessions
- Session duration: 30 days
- Secure, HttpOnly cookies
- Session invalidation on password change
5. Role-Based Access Control (RBAC)#
5.1 Defined Roles (v4.0 - Simplified)#
| Role | Description | Automatic Assignment |
|---|
| Admin | Full system access, user management, test runner | Manual only |
| Editor | Create, edit, share content publicly | Basic/Pro plans |
| User | Create personal content only (private) | Free plan |
Note: Legacy roles (Viewer, GlobalViewer, PresetEditor) were removed in v3.13.0 and migrated to the simplified role system.
5.2 Role Permissions Matrix#
| Permission | Admin | Editor | User |
|---|
| canManageUsers | ✅ | ❌ | ❌ |
| canEditSettings | ✅ | ❌ | ❌ |
| canViewSettings | ✅ | ❌ | ❌ |
| canEditDefaultPresets | ✅ | ❌ | ❌ |
| canEditDefaultEntities | ✅ | ❌ | ❌ |
| canSharePresets | ✅ | ✅ | ❌ |
| canShareEntities | ✅ | ✅ | ❌ |
| canCreatePresets | ✅ | ✅ | ✅ |
| canEditOwnPresets | ✅ | ✅ | ✅ |
| canCreateEntities | ✅ | ✅ | ✅ |
| canEditOwnEntities | ✅ | ✅ | ✅ |
| canUseServices | ✅ | ✅ | ✅ |
Admin User Management (v4.2.0+):
- When an admin changes a user's plan, the system automatically:
- Cancels any active external subscriptions (PayPal/Stripe)
- Updates the user's token wallet to the new plan's allocation
- Resets the token cycle dates
- Creates comprehensive audit log entries
- This ensures billing consistency and prevents users from being charged for plans they're not using
- All operations are performed atomically within database transactions
- See
docs/ADMIN_PLAN_MANAGEMENT.md for detailed procedures
5.3 Role Assignment Rules#
- Roles automatically assigned based on subscription plan
- Admin role never automatically downgraded
- Role changes logged to audit trail
6. Plan-Based Feature Access#
6.1 Feature Matrix#
| Feature | Free | Basic | Pro | Business |
|---|
| analyzer | ✅ | ✅ | ✅ | ✅ |
| anonymizer | ✅ | ✅ | ✅ | ✅ |
| batch | ❌ | ✅ | ✅ | ✅ |
| deanonymize | ❌ | ✅ | ✅ | ✅ |
| personalPresets | ✅ | ✅ | ✅ | ✅ |
| personalEntities | ✅ | ✅ | ✅ | ✅ |
| publicPresets | ❌ | ✅ | ✅ | ✅ |
| publicEntities | ❌ | ✅ | ✅ | ✅ |
| countryEntities | ❌ | ✅ | ✅ | ✅ |
| analysisConfig | ❌ | ✅ | ✅ | ✅ |
| apiAccess | ❌ | ✅ | ✅ | ✅ |
| masking | ✅ | ✅ | ✅ | ✅ |
| topUps | ❌ | ✅ | ✅ | ✅ |
| aiEntityCreation | ❌ | ✅ | ✅ | ✅ |
| encryption | ❌ | ✅ | ✅ | ✅ |
| hashingVariants | ❌ | ✅ | ✅ | ✅ |
6.2 Token Limits#
| Plan | Tokens per Cycle | Cycle Days | Max Batch Size |
|---|
| Free | 300 | 30 | N/A |
| Basic | 500 | 31 | 100 |
| Pro | 2,000 | 31 | 500 |
| Business | 10,000 | 31 | 5,000 |
7. API Access Control#
7.1 API Authentication#
- Bearer token authentication
- JWT tokens with user context
- Token expiration enforced
7.2 API Rate Limiting#
- Per-user rate limits based on plan
- Endpoint-specific rate limits
- 429 response on limit exceeded
7.3 API Feature Access#
- API access requires Basic plan or higher
- Feature checks enforced at API level
- Unauthorized access returns 403
8. Administrative Access#
8.1 Server Access#
- SSH key authentication only (no password)
- Brute force protection
- Access limited to authorized administrators
8.2 Database Access#
- No direct database access from internet
- Access via application layer only
- Parameterized queries (secure ORM)
8.3 Admin Panel Access#
- Admin role required
- Session-based authentication
- Audit logging of admin actions
9. Access Reviews#
9.1 User Access Review#
- Quarterly review of user accounts
- Removal of inactive accounts
- Verification of role assignments
9.2 Administrative Access Review#
- Monthly review of admin accounts
- Verification of SSH key validity
- Review of admin action logs
10. Audit Logging#
10.1 Logged Events#
- User authentication (success/failure)
- Role changes
- Permission changes
- Admin actions
- API access
10.2 Log Retention#
- Authentication logs: 90 days
- Admin action logs: 1 year
- Security event logs: 1 year
11. Document Control#
| Version | Date | Author | Changes |
|---|
| 1.0 | 2025-12-29 | Security Team | Initial release |
| 1.1 | 2025-12-29 | Security Team | Updated for v4.0 role simplification |