Securing MINT Domains

309 bytes added, 15:50, 23 September 2014
{{Under construction| This page is under construction}}
MINT allows restricting access to domains to specific roles and users. Concretely, access can be restricted on the row-level and on the column-level. Typical use cases are the following:
* '''Row-level security''': when querying progress report data (activities), the National Mine Action Centre (NMAC) should see all data, but users from each operator should only see data/reports submitted by them. The definition of row-level access is implemented on the level of '''users'''.
* '''Column-level security''': when querying victim data, certain groups of users should not be able to view victim names. The definition of column-level access is implemented on the level of '''roles'''.
== Row-level security ==__NOEDITSECTION__
=== Use case description ===__NOEDITSECTION__
* There are two operators who are given access to MINT in general and this domain in particular: ''Operator1'' and ''Operator2''. However, there is the restriction that Operator1 should only see rows of activities carried out by Operator1. Similarly, Operator2 should only see rows of activities carried out by Operator2.
=== Implementation ===__NOEDITSECTION__
In order to implement the above-mentioned use case, it is sufficient to define one single domain and configure the security accordingly. Two steps are required for this:
# Define Attribute-Value pairs on those users that should have restricted access.
# Define and upload a security file for the domain.
<br />Example:
<pre>
=== Use case description ===__NOEDITSECTION__
=== Implementation ===__NOEDITSECTION__
The definition of column-level access is implemented on the level of '''roles'''.
<br />Example:
<pre>