Access Control

From CollectiveAccess Documentation
Revision as of 13:55, 20 May 2014 by Julia (talk | contribs)
Jump to: navigation, search

There are many ways to grant and restrict access in CollectiveAccess.

Intrinsic Access Bundle

When the intrinsic bundle "access" is included on an editing form, it can be used to set which records are viewable/restricted in Pawtucket. No special configuration is needed to utilize these checks, as this is a baked-in feature, although it it possible to customize the settings. In Pawtucket's /app/conf/app.conf file you'll see the following:

# -------------------
# Item viewablity (access enforcement)
# -------------------

# if set, no access checks are performed
dont_enforce_access_settings = 0

# list of values for 'access' field in objects, entities, places, etc. that allow public (unrestricted) viewing
public_access_settings = [1]

# list of values for 'access' field in objects, entities, places, etc. that allow privileged viewing 
# (ie. user in on a privileged network as defined below)
privileged_access_settings = [1,2]

# List of IP address to consider "privileged" (can see items where access = 1 or 2)
# It is ok to use wildcards ("*") for portions of the address to create class C or B addresses
# Eg., 192.168.1.* and 192.168.*.* are all valid and increasingly broad
privileged_networks = [192.168.6.*]

It's also possible to change the default values of the access drop-down by copying the list "access_statuses" from the base profile into a custom profile. Once there any value can be altered to meet local needs.

Type-level Access Control

To use type-level access control set the following in Providence's /app/conf/app.conf:

# -------------------------
# Type-level access control
# -------------------------
perform_type_access_checking = 1 

#if set to zero type-level control will be disabled

default_type_access_level = __CA_BUNDLE_ACCESS_EDIT__

Once this checking is enabled specific record types, such as certain object_types, can be set as "No Access" "Read-only access" or "Read/edit access" for different access roles in Providence. To alter the settings navigate to Manage > Access control > Access roles > Types.


Personal tools