Changes

Jump to: navigation, search

Securing MINT Domains

309 bytes added, 15:50, 23 September 2014
no edit summary
{{Under construction| This page is under construction}}
MINT allows restricting access to domains to specific roles and users. Concretely, access can be restricted on the row-level and on the column-level. Typical use cases are the following:
* '''Row-level security''': when querying progress report data (activities), the National Mine Action Centre (NMAC) should see all data, but users from each operator should only see data/reports submitted by them. The definition of row-level access is implemented on the level of '''users'''.* '''Column-level security''': when querying victim data, certain groups of users should not be able to view victim names. The definition of column-level access is implemented on the level of '''roles'''.
== Row-level security ==__NOEDITSECTION__
=== Use case description ===__NOEDITSECTION__
* There are two operators who are given access to MINT in general and this domain in particular: ''Operator1'' and ''Operator2''. However, there is the restriction that Operator1 should only see rows of activities carried out by Operator1. Similarly, Operator2 should only see rows of activities carried out by Operator2.
=== Implementation ===__NOEDITSECTION__
The definition of rowIn order to implement the above-level access mentioned use case, it is implemented sufficient to define one single domain and configure the security accordingly. Two steps are required for this:# Define Attribute-Value pairs on those users that should have restricted access.# Define and upload a security file for the level of '''users'''domain
<br />Example:
<pre>
=== Use case description ===__NOEDITSECTION__
=== Implementation ===__NOEDITSECTION__
The definition of row-level access is implemented on the level of '''roles'''.
<br />Example:
<pre>
1,068
edits

Navigation menu