Traceability
Vault is designed for data privacy, and traceability is embedded. Traceability means specifying a reason—a "purpose" in privacy terminology—whenever data is accessed. That reason is recorded as part of the audit logs retained by Vault, enabling the reasons for all data changes to be traced later.
Moreover, the policy management engine uses the reason to control access to data.
Vault includes these built-in reasons:
AppFunctionality
Analytics
Notifications
Marketing
ThirdPartyMarketing
FraudPreventionSecurityAndCompliance
AccountManagement
Maintenance
DataSubjectRequest
Other, used when an ad-hoc reason is specified.
For example, this Get an object CLI call uses the FraudPreventionSecurityAndCompliance reason to record the request for all of an object's details:
pvault object get \
--collection=customers \
--id=b86718a3-f4a7-4e40-bb59-681f22b62649 \
--all-unsafe \
--reason=FraudPreventionSecurityAndCompliance
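
The following is an added example, not part of the Vault documentation or its code: a review script for the kind of reason trace described above, which tallies accesses by reason and flags records with a missing or unrecognized reason, or with Other but no ad-hoc explanation. The JSON-lines layout and the field names (actor, operation, collection, reason, adhoc_reason) are assumptions made for illustration, not Vault's audit log schema, and the sample records are constructed.

```python
import json
from collections import Counter

# Built-in reasons as listed on this page.
BUILT_IN_REASONS = {
    "AppFunctionality", "Analytics", "Notifications", "Marketing",
    "ThirdPartyMarketing", "FraudPreventionSecurityAndCompliance",
    "AccountManagement", "Maintenance", "DataSubjectRequest", "Other",
}

# Constructed sample records. The field names are assumptions for this
# example and are not Vault's actual audit log schema.
SAMPLE_LOG = """\
{"actor": "fraud-svc", "operation": "object get", "collection": "customers", "reason": "FraudPreventionSecurityAndCompliance"}
{"actor": "mailer", "operation": "object get", "collection": "customers", "reason": "Marketing"}
{"actor": "ops", "operation": "object get", "collection": "customers", "reason": "Other", "adhoc_reason": "one-off export for audit ticket"}
{"actor": "ops", "operation": "object get", "collection": "customers", "reason": "Other"}
{"actor": "dev", "operation": "object get", "collection": "customers", "reason": "Debugging"}
{"actor": "dev", "operation": "object get", "collection": "customers"}
"""

def review(log_text):
    """Return (accesses per reason, list of (line_no, problem) findings)."""
    counts = Counter()
    findings = []
    for line_no, line in enumerate(log_text.splitlines(), start=1):
        if not line.strip():
            continue
        try:
            record = json.loads(line)
        except json.JSONDecodeError:
            record = None
        if not isinstance(record, dict):
            findings.append((line_no, "unparseable record"))
            continue
        reason = record.get("reason")
        if not reason:
            findings.append((line_no, "no reason recorded"))
            continue
        counts[reason] += 1
        if reason not in BUILT_IN_REASONS:
            findings.append((line_no, f"unknown reason {reason!r}"))
        elif reason == "Other" and not (record.get("adhoc_reason") or "").strip():
            findings.append((line_no, "Other without an ad-hoc reason"))
    return counts, findings

if __name__ == "__main__":
    per_reason, problems = review(SAMPLE_LOG)
    print(dict(per_reason))
    print(problems)
```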