Securing your Sweagle environment

As an admin user of the Sweagle platform, there are a few settings you can use to further harden your Sweagle instance.

1. Disable access for non-person users

The tenant setting "login.ui.nonperson_type.allow" controls whether only users of type "person" can access the Sweagle user interface. With it disabled, API and System users can never log in to the user interface, even if someone tries to (ab)use one of their tokens in a browser session.

Recommendation: set login.ui.nonperson_type.allow=false

2. Enable advanced security features

The tenant setting "security.password.advanced" enables the advanced password settings, such as minimum length, maximum lifetime, and how much a new password must differ from previous ones (security.password.remember_previous).

Recommendation: set security.password.advanced=true

3. Disable the Sweagle support user

By default, a sweagle_support_<tenantName> user is created. This user exists for situations where Sweagle support needs to access the tenant environment, and it has the default status "disabled". It is recommended to define an SOP under which an admin user may enable the sweagle_support user for a short, defined period of time.

Recommendation: only enable this user for a specific period of time when a support case requires access to the environment, and disable it again once the case is closed.

4. Configure roles and permissions, and assign users to specific roles

As a recommendation, do not use the generic built-in roles such as "admin" or "editor". Instead, create path- and action-based permissions and roles and assign users to those specific roles. This limits both what a user can access and the kinds of actions they are permitted to perform.

5. Limit permissions for API users

Ensure that API users which only need to consume configData have read-only permissions, and restrict the list of paths they can read data from by defining path-based read-only policies.