Difference between revisions of "Access Control"

From CollectiveAccess Documentation
Jump to: navigation, search
(Blanked the page)
Line 1: Line 1:
 +
There are many ways to grant and restrict access in CollectiveAccess.
  
 +
==Intrinsic Access Bundle==
 +
When the [[ Intrinsic_Bundles|intrinsic bundle ]] "access" is included on an editing form, it can be used to set which records are viewable/restricted in Pawtucket.  No special configuration is needed to utilize these checks, as this is a baked-in feature, although it it possible to customize the settings.  In Pawtucket's /app/conf/app.conf file you'll see the following:
 +
 +
<code><pre>
 +
# -------------------
 +
# Item viewablity (access enforcement)
 +
# -------------------
 +
 +
# if set, no access checks are performed
 +
dont_enforce_access_settings = 0
 +
 +
# list of values for 'access' field in objects, entities, places, etc. that allow public (unrestricted) viewing
 +
public_access_settings = [1]
 +
 +
# list of values for 'access' field in objects, entities, places, etc. that allow privileged viewing
 +
# (ie. user in on a privileged network as defined below)
 +
privileged_access_settings = [1,2]
 +
 +
# List of IP address to consider "privileged" (can see items where access = 1 or 2)
 +
# It is ok to use wildcards ("*") for portions of the address to create class C or B addresses
 +
# Eg. 192.168.1.5, 192.168.1.* and 192.168.*.* are all valid and increasingly broad
 +
privileged_networks = [192.168.6.*]
 +
</pre></code>
 +
 +
It's also possible to change the default values of the access drop-down by copying the list "access_statuses" from the base profile into a custom profile.  Once there any value can be altered to meet local needs.
 +
 +
==Type-level Access Control==
 +
 +
To use type-level access control set the following in Providence's /app/conf/app.conf:
 +
 +
<code><pre>
 +
# -------------------------
 +
# Type-level access control
 +
# -------------------------
 +
perform_type_access_checking = 1
 +
 +
#if set to zero type-level control will be disabled
 +
 +
default_type_access_level = __CA_BUNDLE_ACCESS_EDIT__
 +
</code></pre>
 +
 +
Once this checking is enabled specific record types, such as certain object_types, can be set as "No Access" "Read-only access" or "Read/edit access" for different access roles in Providence.  To alter the settings navigate to Manage > Access control > Access roles > Types.

Revision as of 13:55, 20 May 2014

There are many ways to grant and restrict access in CollectiveAccess.

Intrinsic Access Bundle

When the intrinsic bundle "access" is included on an editing form, it can be used to set which records are viewable/restricted in Pawtucket. No special configuration is needed to utilize these checks, as this is a baked-in feature, although it it possible to customize the settings. In Pawtucket's /app/conf/app.conf file you'll see the following:

# -------------------
# Item viewablity (access enforcement)
# -------------------

# if set, no access checks are performed
dont_enforce_access_settings = 0

# list of values for 'access' field in objects, entities, places, etc. that allow public (unrestricted) viewing
public_access_settings = [1]

# list of values for 'access' field in objects, entities, places, etc. that allow privileged viewing 
# (ie. user in on a privileged network as defined below)
privileged_access_settings = [1,2]

# List of IP address to consider "privileged" (can see items where access = 1 or 2)
# It is ok to use wildcards ("*") for portions of the address to create class C or B addresses
# Eg. 192.168.1.5, 192.168.1.* and 192.168.*.* are all valid and increasingly broad
privileged_networks = [192.168.6.*]

It's also possible to change the default values of the access drop-down by copying the list "access_statuses" from the base profile into a custom profile. Once there any value can be altered to meet local needs.

Type-level Access Control

To use type-level access control set the following in Providence's /app/conf/app.conf:

# -------------------------
# Type-level access control
# -------------------------
perform_type_access_checking = 1 

#if set to zero type-level control will be disabled

default_type_access_level = __CA_BUNDLE_ACCESS_EDIT__
</code>

Once this checking is enabled specific record types, such as certain object_types, can be set as "No Access" "Read-only access" or "Read/edit access" for different access roles in Providence. To alter the settings navigate to Manage > Access control > Access roles > Types.

Namespaces

Variants
Actions
Navigation
Tools
User
Personal tools