Securing MINT Domains: Difference between revisions
Jump to navigation
Jump to search
No edit summary |
No edit summary |
||
| Line 1: | Line 1: | ||
{{TOC right}} | {{TOC right}} | ||
{{Under construction| This page is under construction}} | {{Under construction| This page is under construction}} | ||
MINT allows restricting access to domains to specific roles and users. Concretely, access can be restricted on the row-level and on the column-level. Typical use cases are the following: | |||
* '''Row-level security''': | |||
* '''Column-level security''': | |||
== Row-level security ==__NOEDITSECTION__ | == Row-level security ==__NOEDITSECTION__ | ||
=== Use case description ===__NOEDITSECTION__ | |||
=== Implementation ===__NOEDITSECTION__ | |||
Example: | Example: | ||
<pre> | <pre> | ||
| Line 21: | Line 25: | ||
</securityDefinition> | </securityDefinition> | ||
</pre> | </pre> | ||
=== Example download ===__NOEDITSECTION___ | |||
== Column-level security ==__NOEDITSECTION__ | == Column-level security ==__NOEDITSECTION__ | ||
=== Use case description ===__NOEDITSECTION__ | |||
=== Implementation ===__NOEDITSECTION | |||
Example: | Example: | ||
<pre> | <pre> | ||
| Line 47: | Line 55: | ||
</securityDefinition> | </securityDefinition> | ||
</pre> | </pre> | ||
=== Example download ===__NOEDITSECTION___ | |||
{{NavBox Business Intelligence}} | {{NavBox Business Intelligence}} | ||
[[Category:VIE]] | [[Category:VIE]] | ||
Revision as of 12:59, 23 September 2014
 |
This page is under construction |
MINT allows restricting access to domains to specific roles and users. Concretely, access can be restricted on the row-level and on the column-level. Typical use cases are the following:
- Row-level security:
- Column-level security:
Row-level security
Use case description
Implementation
Example:
<securityDefinition xmlns="http://www.jaspersoft.com/2007/SL/XMLSchema" version="1.0" itemGroupDefaultAccess="granted">
<resourceAccessGrants>
<!-- Row level security -->
<!-- What access do roles/users have to the rows in the resource? -->
<resourceAccessGrantList id="JoinTree_1_List" label="ListLabel" resourceId="JoinTree_1">
<resourceAccessGrants>
<!-- Row level restrictions for Organisations, e.g. Operator X only sees his own progress reports -->
<resourceAccessGrant id="Jointree_1_row_access_grant_20">
<principalExpression><![CDATA[authentication.principal.attributes.any{it.attrName in ['Organisation'] }]]></principalExpression>
<filterExpression>testProfileAttribute(parent_organisation.parent,'Organisation')</filterExpression>
</resourceAccessGrant>
</resourceAccessGrants>
</resourceAccessGrantList>
</resourceAccessGrants>
</securityDefinition>
=== Example download ===_
Column-level security
Use case description
=== Implementation ===__NOEDITSECTION Example:
<securityDefinition xmlns="http://www.jaspersoft.com/2007/SL/XMLSchema" version="1.0" itemGroupDefaultAccess="granted">
<!-- Column level security -->
<!-- What access do roles/users have to the fields in an item group? -->
<itemGroupAccessGrants>
<itemGroupAccessGrantList id="grant_item_group_Victims" label="aLabel" itemGroupId="victims" defaultAccess="granted">
<itemGroupAccessGrants>
<!-- Column level for Victims: allow general access to ROLE_NOVICTIMNAMES, then deny access to specific fields -->
<itemGroupAccessGrant id="Victims_item_group_access_grant" access="granted">
<principalExpression>authentication.getPrincipal().getRoles().any{ it.getRoleName() in ['ROLE_NOVICTIMNAMES'] }</principalExpression>
<itemAccessGrantList id="Victims_grant_item_group_items" defaultAccess="granted">
<itemAccessGrants>
<!-- Deny access to the name and surname of victims -->
<itemAccessGrant id="Jointree_1_grant2_items_grant1" itemId="givenname" access="denied" />
<itemAccessGrant id="Jointree_1_grant2_items_grant2" itemId="familyname" access="denied" />
</itemAccessGrants>
</itemAccessGrantList>
</itemGroupAccessGrant>
</itemGroupAccessGrants>
</itemGroupAccessGrantList>
</itemGroupAccessGrants>
</securityDefinition>
=== Example download ===_
{{#switch:|subgroup|child=|none=|#default=
}}{{#if:Business Intelligence|{{#if:|<th scope="col" style="border-left:2px solid #fdfdfd;width:100%;|}}{{#if:|{{#if:Business Intelligence|}}}}{{#if:Install Staging Area Generator · Using Staging Area Generator · Post Processing SQL Scripts · SAG Spatial reference system · Name Rules Staging Area · Scheduling the Staging Area creation|{{#if:Business Intelligence|}}{{#if:|}}{{#if:Staging Area Generator|<td style="text-align:left;border-left-width:2px;border-left-style:solid;|{{#if:|}}}}{{#if: IMSMA Staging Area Database · Connecting to IMSMA Staging area from ArcGIS · Connecting to IMSMA Staging area from Excel · Sharing an IMSMA Staging Area|{{#if:Business IntelligenceInstall Staging Area Generator · Using Staging Area Generator · Post Processing SQL Scripts · SAG Spatial reference system · Name Rules Staging Area · Scheduling the Staging Area creation|}}{{#if:IMSMA Staging Area|<td style="text-align:left;border-left-width:2px;border-left-style:solid;|}}{{#if:|{{#if:Business IntelligenceInstall Staging Area Generator · Using Staging Area Generator · Post Processing SQL Scripts · SAG Spatial reference system · Name Rules Staging Area · Scheduling the Staging Area creation IMSMA Staging Area Database · Connecting to IMSMA Staging area from ArcGIS · Connecting to IMSMA Staging area from Excel · Sharing an IMSMA Staging Area|}}{{#if:|<td style="text-align:left;border-left-width:2px;border-left-style:solid;|}}{{#if:Other Reporting Tools|{{#if:Other Reporting Tools|<td style="text-align:left;border-left-width:2px;border-left-style:solid;|}}{{#if: Introduction to indicators|{{#if:Indicators|<td style="text-align:left;border-left-width:2px;border-left-style:solid;|}}{{#if:|{{#if:|<td style="text-align:left;border-left-width:2px;border-left-style:solid;|}}{{#if:|{{#if:|<td style="text-align:left;border-left-width:2px;border-left-style:solid;|}}{{#if:|{{#if:|<td style="text-align:left;border-left-width:2px;border-left-style:solid;|}}{{#if:|{{#if:|<td style="text-align:left;border-left-width:2px;border-left-style:solid;|}}{{#if:|{{#if:|<td style="text-align:left;border-left-width:2px;border-left-style:solid;|}}{{#if:|{{#if:|<td style="text-align:left;border-left-width:2px;border-left-style:solid;|}}{{#if:|{{#if:|<td style="text-align:left;border-left-width:2px;border-left-style:solid;|}}{{#if:|{{#if:|<td style="text-align:left;border-left-width:2px;border-left-style:solid;|}}{{#if:|{{#if:|<td style="text-align:left;border-left-width:2px;border-left-style:solid;|}}{{#if:|{{#if:|<td style="text-align:left;border-left-width:2px;border-left-style:solid;|}}{{#if:|{{#if:|<td style="text-align:left;border-left-width:2px;border-left-style:solid;|}}{{#if:|{{#if:|<td style="text-align:left;border-left-width:2px;border-left-style:solid;|}}{{#if:|{{#if:|<td style="text-align:left;border-left-width:2px;border-left-style:solid;|}}{{#if:|{{#if:|<td style="text-align:left;border-left-width:2px;border-left-style:solid;|}}{{#if:|{{#if:|<td style="text-align:left;border-left-width:2px;border-left-style:solid;|}}{{#if:|{{#if:Business IntelligenceInstall Staging Area Generator · Using Staging Area Generator · Post Processing SQL Scripts · SAG Spatial reference system · Name Rules Staging Area · Scheduling the Staging Area creation IMSMA Staging Area Database · Connecting to IMSMA Staging area from ArcGIS · Connecting to IMSMA Staging area from Excel · Sharing an IMSMA Staging Area|}}}}
|none=|#default= | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
}}{{#ifeq:|Template|{{#ifeq:|child||{{#ifeq:|subgroup||{{#switch:securing mint domains
|doc
|sandbox
|testcases =
|#default = {{#switch:hlist
|plainlist
|hlist
|hlist hnum
|hlist vcard
|vcard hlist =
|#default =
}}
}}
}}}}}}