Home > Storage > ObjectScale and ECS > Product Documentation > ECS PCI DSS Compliance > Requirement 7: Restrict access to cardholder data by business need to know
This requirement ensures payment card data is only accessed by authorized individuals. Enforcing this requirement is achieved through systems and processes that ensure access to payment card data is based on a “Need to know” basis, where the least amount of data is divulged to perform a job.
ECS provides user authentication control to verify the users attempting to access the ECS system by user roles, object access control lists (ACLs) and Unique identifiers (UIDs). For more information, refer to ECS Security Configuration Guide.
The other requirements in this section are enforced through policies, procedures, and processes external to the ECS cluster.