GIMA’s security settings allow you to configure access controls, password policies, audit logging, and other security features to protect your asset management data and ensure compliance with organizational policies.

Overview

Access security configuration at /configuracion/seguridad to manage security and audit settings.
Security settings directly impact system access and data protection. Changes should be reviewed carefully and tested in a non-production environment before deployment.

Security Features

GIMA provides comprehensive security controls:

Password Policies

Configure password complexity, expiration, and reset requirements

Access Control

Manage user permissions and role-based access control (RBAC)

Audit Logging

Track user actions and system events for compliance and troubleshooting

Session Management

Control session timeouts and concurrent login policies

Two-Factor Authentication

Enable additional authentication layers for enhanced security

IP Restrictions

Limit access to specific IP addresses or ranges

Password Policies

Configure password requirements to ensure strong authentication:
1. Access Password Settings

Navigate to the password policy section in security configuration.
2. Set Complexity Requirements

Define password complexity rules:
  • Minimum length (recommended: 8-12 characters)
  • Require uppercase letters
  • Require lowercase letters
  • Require numbers
  • Require special characters
3. Configure Expiration

Set password expiration policies:
  • Password age (e.g., 90 days)
  • Advance warning before expiration
  • Password history (prevent reuse of recent passwords)
4. Set Lockout Rules

Configure account lockout after failed attempts:
  • Failed attempt threshold (e.g., 5 attempts)
  • Lockout duration (e.g., 30 minutes)
  • Reset failed attempt counter after successful login
5. Apply Settings

Save and apply the password policy. New requirements take effect immediately for new passwords.
For general organizational use:
  • Minimum 8 characters
  • At least one uppercase letter
  • At least one lowercase letter
  • At least one number
  • Password expiration: 90 days
  • Password history: 5 previous passwords
  • Account lockout: 5 failed attempts, 30-minute lockout
For sensitive environments:
  • Minimum 12 characters
  • At least one uppercase letter
  • At least one lowercase letter
  • At least one number
  • At least one special character
  • Password expiration: 60 days
  • Password history: 10 previous passwords
  • Account lockout: 3 failed attempts, 60-minute lockout
  • Two-factor authentication required
Overly restrictive password policies can lead to users writing down passwords or using predictable patterns. Balance security with usability.

Role-Based Access Control (RBAC)

GIMA uses role-based permissions to control what users can access and modify:

Default Roles

Full system access
Permissions:
  • Create, read, update, delete all assets
  • Manage users and roles
  • Configure system settings
  • Access all reports and audits
  • Manage categories and locations
Use for: IT administrators, system managers
Management-level access
Permissions:
  • View all assets
  • Create and update assets in assigned areas
  • Approve maintenance requests
  • Access reports for assigned departments
  • Manage team members
Use for: Department managers, supervisors
Maintenance and technical access
Permissions:
  • View assigned assets
  • Update asset status and condition
  • Create and complete maintenance tasks
  • Access technical documentation
  • Update asset location
Use for: Maintenance staff, technicians
Read-only access
Permissions:
  • View assets in assigned areas
  • View reports (limited)
  • View maintenance history
  • No create, update, or delete permissions
Use for: Auditors, read-only users, external consultants

Creating Custom Roles

1. Access Role Management

Navigate to user management (/configuracion/User) and access role configuration.
2. Create New Role

Click “Create Role” and enter:
  • Role name
  • Role description
  • Department or area (if applicable)
3. Assign Permissions

Select which permissions this role should have:
  • Asset management (view, create, edit, delete)
  • Maintenance (view, create, assign, complete)
  • Reports (access specific report types)
  • Configuration (access specific settings)
  • User management (if applicable)
4. Test Role

Create a test user with the new role and verify permissions work as expected.
5. Assign to Users

Assign the role to appropriate users.

Audit Logging

GIMA tracks user actions and system events for security and compliance:

Logged Events

  • User login/logout
  • Failed login attempts
  • Password changes/resets
  • User creation/modification/deletion
  • Role and permission changes
  • Asset creation
  • Asset updates (with field-level changes)
  • Asset deletion
  • Asset status changes
  • Asset location changes
  • Asset ownership transfers
  • Maintenance task creation
  • Task assignment changes
  • Task completion
  • Maintenance schedule changes
  • Work order approvals
  • Security setting changes
  • Category creation/modification
  • Location creation/modification
  • System configuration updates
  • System startup/shutdown
  • Database backups
  • System errors
  • Security alerts

Audit Log Information

Each audit entry includes:
  • Timestamp: Exact date and time of the event
  • User: Who performed the action (username and user ID)
  • Action: What action was taken
  • Resource: What was affected (asset, user, configuration, etc.)
  • Details: Specific changes made (before/after values)
  • IP Address: Source IP address of the request
  • Session ID: Session identifier
  • Result: Success or failure of the action

Accessing Audit Logs

1. Navigate to Audit Logs

Access audit logs from the security configuration section.
2. Apply Filters

Filter logs by:
  • Date range
  • User or role
  • Action type
  • Resource type
  • Success/failure
3. Review Entries

Examine log entries for security events or policy violations.
4. Export Logs

Export filtered logs for external analysis or compliance reporting:
  • CSV format
  • PDF format
  • JSON format
Audit logs are stored securely and cannot be modified or deleted by users. Log retention policies should be configured based on organizational requirements.
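An added example, not GIMA's own code, for the review step: it scans a JSON export for bursts of failed logins per user and for a successful login that follows one. The key names (timestamp, user, action, ip_address, result), the action value login and the result values are assumptions about the export format; the threshold of 5 and the 30-minute window reuse the lockout examples on this page.

```python
import json
from collections import defaultdict, deque
from datetime import datetime, timedelta

def triage(entries, threshold=5, window=timedelta(minutes=30)):
    """Return (kind, user, ip_address, timestamp) alerts from login entries."""
    alerts = []
    recent = defaultdict(deque)  # user -> times of failed logins inside the window
    logins = [e for e in entries if e["action"] == "login"]
    for e in sorted(logins, key=lambda e: datetime.fromisoformat(e["timestamp"])):
        ts = datetime.fromisoformat(e["timestamp"])
        fails = recent[e["user"]]
        while fails and ts - fails[0] > window:
            fails.popleft()  # forget failures older than the window
        if e["result"] == "failure":
            fails.append(ts)
            if len(fails) == threshold:
                alerts.append(("failed_login_burst", e["user"], e["ip_address"], e["timestamp"]))
        else:
            if len(fails) >= threshold:
                # A success straight after a burst: guessing may have worked,
                # or lockout is not enforced as configured.
                alerts.append(("success_after_burst", e["user"], e["ip_address"], e["timestamp"]))
            fails.clear()  # counter resets after a successful login
    return alerts

def triage_export(text):
    """Run triage over the text of a JSON export."""
    return triage(json.loads(text))

# Constructed sample export, not real GIMA output; key names are assumptions.
def _login(ts, user, ip, result):
    return {"timestamp": ts, "user": user, "action": "login",
            "resource": "session", "ip_address": ip, "result": result}

SAMPLE_EXPORT = json.dumps(
    [_login(f"2024-05-01T09:0{i}:00", "jperez", "203.0.113.50", "failure") for i in range(5)]
    + [_login("2024-05-01T09:05:00", "jperez", "203.0.113.50", "success"),
       _login("2024-05-01T10:00:00", "mlopez", "192.168.1.20", "failure"),
       _login("2024-05-01T10:01:00", "mlopez", "192.168.1.20", "success"),
       {"timestamp": "2024-05-01T10:02:00", "user": "mlopez", "action": "asset_update",
        "resource": "asset:1042", "ip_address": "192.168.1.20", "result": "success"}])

if __name__ == "__main__":
    for alert in triage_export(SAMPLE_EXPORT):
        print(alert)
```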

Session Management

Control user sessions to enhance security:

Session Settings

Configure automatic logout after inactivity:
  • Standard: 30 minutes of inactivity
  • High Security: 15 minutes of inactivity
  • Extended: 2 hours (for maintenance operations)
Users will be warned before auto-logout and can extend their session.
Control how many simultaneous logins are allowed:
  • Single Session: Only one active session per user
  • Multiple Sessions: Allow multiple devices (limit to 3-5)
  • Unlimited: No restriction (not recommended)
A new login can optionally terminate older sessions.
Additional session protection:
  • Secure session cookies (HTTP-only, Secure flag)
  • Session ID regeneration after login
  • Bind sessions to IP address (optional)
  • Session activity logging

Two-Factor Authentication (2FA)

Add an extra layer of security with two-factor authentication:
1. Enable 2FA System-Wide

Enable 2FA in security settings. Choose:
  • Optional: Users can enable 2FA if desired
  • Required for Admins: Mandatory for administrator accounts
  • Required for All: Mandatory for all users
2. Configure 2FA Methods

Select which 2FA methods are available:
  • Authenticator app (Google Authenticator, Authy)
  • SMS verification codes
  • Email verification codes
  • Hardware security keys (FIDO2/U2F)
3. Set Backup Codes

Generate backup codes for account recovery if the 2FA device is lost.
4. User Enrollment

Users enroll in 2FA from their profile settings:
  • Scan QR code with authenticator app
  • Verify with initial code
  • Save backup codes securely
Ensure users save backup codes in a secure location. Lost 2FA access requires administrator intervention to reset.

IP Restrictions

Limit access to GIMA from specific IP addresses or networks:

IP Whitelist

Allow access only from approved IP addresses:
  • Office network IP ranges
  • VPN exit points
  • Specific trusted IPs

Configuration

1. Enable IP Restrictions

Activate IP-based access control in security settings.
2. Add Allowed IPs

Enter IP addresses or CIDR ranges:
  • Single IP: 192.168.1.100
  • IP range: 192.168.1.0/24
  • Multiple entries separated by commas
3. Configure Exceptions

Optionally allow specific users or roles to bypass IP restrictions (e.g., for remote work).
4. Test Access

Verify that authorized users can access from allowed IPs and others are blocked.
IP restrictions can lock out legitimate users if not configured correctly. Always maintain a way to access the system (e.g., VPN) before enabling IP restrictions.
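A pre-flight check for the allowlist before it is enabled, added here as an example and not part of GIMA: it parses the comma-separated entries in the formats shown above, rejects ambiguous ones, and reports any address you must keep reachable that the list would block. The function names, the sample allowlist, the must-reach addresses and the 65536-address breadth limit are assumptions made for illustration.

```python
import ipaddress

def parse_allowlist(raw):
    """Split the comma-separated field into networks and rejected entries."""
    networks, errors = [], []
    for entry in (part.strip() for part in raw.split(",")):
        if not entry:
            continue
        try:
            # strict=True rejects e.g. 10.8.0.1/24, where host bits are set
            # and it is unclear whether one host or the whole /24 was meant.
            networks.append(ipaddress.ip_network(entry, strict=True))
        except ValueError as exc:
            errors.append((entry, str(exc)))
    return networks, errors

def is_allowed(ip, networks):
    """True if the address falls inside any allowed network."""
    addr = ipaddress.ip_address(ip)
    return any(addr.version == net.version and addr in net for net in networks)

def preflight(raw, must_reach, max_addresses=65536):
    """Return findings to resolve before enabling; an empty list means none."""
    networks, errors = parse_allowlist(raw)
    findings = [f"invalid entry {entry!r}: {msg}" for entry, msg in errors]
    for net in networks:
        if net.num_addresses > max_addresses:
            findings.append(f"{net} is very broad ({net.num_addresses} addresses)")
    for label, ip in must_reach.items():
        if not is_allowed(ip, networks):
            findings.append(f"{label} ({ip}) would be locked out")
    return findings

# Constructed sample values; the third entry is deliberately malformed.
SAMPLE_ALLOWLIST = "192.168.1.100, 192.168.1.0/24, 10.8.0.1/24, 203.0.113.7"
MUST_REACH = {"admin workstation": "192.168.1.42", "VPN exit": "10.8.0.1"}

if __name__ == "__main__":
    for finding in preflight(SAMPLE_ALLOWLIST, MUST_REACH):
        print("FINDING:", finding)
```

Here the malformed `10.8.0.1/24` entry is dropped, so the VPN exit it was meant to cover is reported as locked out.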

Security Best Practices

Regular Password Updates

Enforce periodic password changes for all users

Principle of Least Privilege

Grant users only the permissions they need

Monitor Audit Logs

Regularly review logs for suspicious activity

Enable 2FA

Require two-factor authentication for sensitive accounts

Session Timeouts

Use appropriate session timeout values

Regular Security Reviews

Periodically audit user permissions and roles

Backup Audit Logs

Regularly export and backup audit logs

Security Training

Train users on security best practices

Compliance and Regulations

Data Protection

GIMA security features help comply with:
  • GDPR: User data protection and access controls
  • SOC 2: Audit logging and access monitoring
  • ISO 27001: Information security management
  • HIPAA: If managing healthcare assets

Audit Trail Requirements

Maintain comprehensive audit trails for:
  • Financial asset tracking (Sarbanes-Oxley)
  • Government contracts (FedRAMP, FISMA)
  • Industry-specific regulations

Security Incident Response

If you detect a security incident:
1. Identify the Incident

Review audit logs to understand what happened:
  • Unauthorized access attempts
  • Unusual data modifications
  • Suspicious user behavior
2. Contain the Threat

Take immediate action:
  • Disable compromised accounts
  • Change affected passwords
  • Block suspicious IP addresses
3. Investigate

Analyze the incident:
  • Export relevant audit logs
  • Identify affected data and users
  • Determine root cause
4. Remediate

Fix security gaps:
  • Update security policies
  • Apply system updates
  • Strengthen access controls
5. Document and Report

Create an incident report:
  • Document timeline of events
  • List affected systems and data
  • Report to relevant authorities if required

User Management

Manage users, roles, and permissions

Notifications

Configure security alert notifications

Audit Reports

Generate security and compliance reports
