diff options
| author | doc <doc@filenotfound.org> | 2025-06-30 20:06:28 +0000 |
|---|---|---|
| committer | doc <doc@filenotfound.org> | 2025-06-30 20:06:28 +0000 |
| commit | 717fcb9c81d2bc3cc7a84a3ebea6572d7ff0f5cf (patch) | |
| tree | 7cbd6a8d5046409a82b22d34b01aac93b3e24818 /genesishosting/access | |
| parent | 8368ff389ec596dee6212ebeb85e01c638364fb3 (diff) | |
Diffstat (limited to 'genesishosting/access')
| -rw-r--r-- | genesishosting/access/account-creation.md | 20 | ||||
| -rw-r--r-- | genesishosting/access/account-deletion.md | 13 | ||||
| -rw-r--r-- | genesishosting/access/least-priv.md | 20 | ||||
| -rw-r--r-- | genesishosting/access/user-roles.md | 18 |
4 files changed, 71 insertions, 0 deletions
diff --git a/genesishosting/access/account-creation.md b/genesishosting/access/account-creation.md new file mode 100644 index 0000000..12fd857 --- /dev/null +++ b/genesishosting/access/account-creation.md @@ -0,0 +1,20 @@ +# Account Creation Policy + +## Customer Accounts + +- Created automatically via WHMCS upon signup +- Email verification is required before service activation +- Strong passwords (minimum 10 characters) are enforced +- 2FA is recommended and required for admin-facing services + +## Staff/Admin Accounts + +- Created manually by Super Admin only +- Must use SSH keys for server access +- Access logs are enabled and monitored +- Each staff account must be linked to an internal email + +## Account Naming Convention + +- Customers: `client_{username}` +- Admins: `admin.{firstname}` diff --git a/genesishosting/access/account-deletion.md b/genesishosting/access/account-deletion.md new file mode 100644 index 0000000..71fd0df --- /dev/null +++ b/genesishosting/access/account-deletion.md @@ -0,0 +1,13 @@ +# Account Deletion Policy + +## Customer Accounts + +- Users may request account deletion via WHMCS support ticket +- Data is retained for 30 days post-termination (unless legally required) +- Backups including user data are purged after 30 days + +## Internal Accounts + +- Deactivated immediately upon staff departure or role change +- SSH keys, DirectAdmin access, and database credentials revoked +- Logs associated with the account are retained for audit purposes diff --git a/genesishosting/access/least-priv.md b/genesishosting/access/least-priv.md new file mode 100644 index 0000000..00f85ac --- /dev/null +++ b/genesishosting/access/least-priv.md @@ -0,0 +1,20 @@ +# Least Privilege Policy + +Genesis Hosting enforces least privilege access for all systems. + +## Principles + +- Users are given the minimum level of access necessary to perform their work +- Admin tools are isolated by function (e.g., billing vs. system access) +- Escalation of privileges must be requested, documented, and time-bound + +## Tools in Use + +- WHMCS permissions are restricted by group +- SSH access is limited using `AllowUsers` and firewalled IPs +- TeamTalk server admins are rotated and audited monthly + +## Review Cycle + +- Access roles are reviewed quarterly +- Logs of access changes are stored and rotated every 90 days diff --git a/genesishosting/access/user-roles.md b/genesishosting/access/user-roles.md new file mode 100644 index 0000000..0f485f3 --- /dev/null +++ b/genesishosting/access/user-roles.md @@ -0,0 +1,18 @@ +# User Roles + +Genesis Hosting Technologies uses Role-Based Access Control (RBAC) to ensure that users only have access to what they need. + +## Role Definitions + +| Role | Description | Examples | +|----------------|----------------------------------------------------------|----------------------------------| +| Customer | End users with access to services they’ve purchased | DirectAdmin clients, Streamers | +| Support Staff | Limited admin functions for resolving client issues | Helpdesk, WHMCS support agents | +| Administrator | Full access to provision, maintain, and modify services | Infrastructure admins | +| Super Admin | Root-level access to all systems | Owner/Lead Engineer | + +## Guidelines + +- Roles are assigned during onboarding. +- Access levels are reviewed quarterly. +- No one should hold higher access than required for their duties. |