This demonstration shows how Break the Glass policies can be used to
give users direct responsibility over their actions. A confidential
record is controlled via a BTG policy. Users with low privileges are
not allowed to access this resource under any circumstances. Users with
medium privileges are not allowed to access this resource unless they
first decide to BTG. In so doing these users realise that they will
need to face the consequences later (in our demo an email message is
sent to the security administrator informing him about the BTG). Users
with high privileges have access to the confidential records without
needing to BTG.
In order to run the demonstration you will need to enter one of the
following username-password combinations.
| Username | Password | Details |
| Ana | Ana | A student who is not allowed to BTG under any circumstances, and cannot access the confidential records. |
| Rui | Rui | A teacher who is allowed to BTG and access the confidential records after doing so. |
| David | David | A professor who has no need to BTG, as he is always allowed to access the confidential records. |