Security Administration

Overview of Security Administration

Security administration is the task of deciding what users have access to what objects. Here, you will:

Manage Access Control Lists, including members and their permissions.
Assign Access Control Lists to certain objects.

iKnowBase uses Access control lists (ACLs) to manage permissions:

An ACL is a set of groups and users, referred to as members, that are assigned permissions. The ACL itself does not, however, decide which documents or other objects the permissions apply to.
Later, the ACL is used by objects (such as a document), and the permissions specified by the ACL is applied to the object.

Access control list member privileges:

Property	Description
Read	Granted the privilege to read content in iKnowBase.
Modify	Granted the privilege to read and modify content in iKnowBase.
Protected	Granted the privilege to view dimensions that are protected with the access control list in iKnowBase.
Delete	Granted the privilege to delete content in iKnowBase.
Approver	Granted the privilege to approve the publication of content in iKnowBase.
Creatable	Granted the privilege to create content in iKnowBase.
Categorize	Granted the privilege to categorize content with a dimension that is protected with the access control list.
Valid from	The date from which the member is valid.
Valid to	The expiry date for the member.

Manage Access Control Lists

The ACLs are maintained in iKnowBase. Use the user directory tools of the iKnowBase Development Studio to manage ACLs. See User Administration Reference for further information.

Assign Access Control Lists to Objects

ACLs may be assigned to the following objects:

Information objects, also referred to as documents
Dimensions
Forms
Task Wizards
Pages
Subsystems

You may assign an ACL to a document when it is published or by modifying an existing document using a form.

You may assign an ACL to a dimension by using the metadata management tools of iKnowBase Development Studio, see User Administration Reference for further information.

You may assign an ACL to a form, task wizard, page, or subsystem by using the development tool tools of iKnowBase Development Studio, see Development Reference for further information.

Overview of Document Access

Every iKnowBase document (information object) may have an ACL applied to it. This ACL decides which users are given permission to the document, and which permissions that apply.

This section describes which permissions apply to a document.

Note: The ACL of the document doesn’t apply for the owner of the document. The owner will always have all rights to the document.

Note: If a document doesn’t have an ACL applied, it is available to everyone.

Permissions that apply to a document:

Property	Description
Read	Lets the user read the document (metadata and content)
Modify	Lets the user modify the document
Delete	Lets the user delete the document
Approver	Lets the user approve a document created by another user (requires additional approval setup)

Overview of Dimension Access

iKnowBase uses the concept of dimensions to organize content. Every dimension may have an ACL applied to it. This ACL decides user permissions to the dimension.

This section describes which permissions apply to a dimension.

Permissions that apply to a dimension:

Property	Description
Categorize	Lets the user categorize content (documents) with this dimension.
Protected	Lets the user navigate to the dimension (and see documents tagged with this dimension, given that the documents themselves allow this). Note: There are two important scenarios here: A user may not have Protected access to the dimension, but still have Read access to the documents. Then, the user may not navigate through the dimension hierarchy, but may still find the document through other access paths (other dimensions, search, etc). A user may have Protected access to the dimension, but still not have Read access to the documents. Then, the user will not be able to access the document through any mechanism.

Property

Description

Categorize

Lets the user categorize content (documents) with this dimension.

Protected

Lets the user navigate to the dimension (and see documents tagged with this dimension, given that the documents themselves allow this).

Note: There are two important scenarios here:

A user may not have Protected access to the dimension, but still have Read access to the documents. Then, the user may not navigate through the dimension hierarchy, but may still find the document through other access paths (other dimensions, search, etc).
A user may have Protected access to the dimension, but still not have Read access to the documents. Then, the user will not be able to access the document through any mechanism.

Overview of Form Access

iKnowBase uses forms to edit or create content (documents). Every form may have an ACL which decides user access to the form.

This section describes which permissions apply to a form.

Permissions that apply to a form:

Property	Description
Creatable	Lets the user have access to this form, and use it to create and update content.

Overview of Task Wizard Access

iKnowBase uses task wizards to perform tasks and thereby create and update content (documents). Every task wizard may have an ACL which decides user access to the task wizard.

This section describes which permissions apply to a task wizard.

Permissions that apply to a task wizard:

Property	Description
Creatable	Lets the user have access to this task wizard, and use it to perform tasks and create and update content.

Overview of Page Access

iKnowBase uses pages to present content (documents). Every page may have an ACL which decides user access to the page.

This section describes which permissions apply to a page.

Permissions that apply to a page:

Property	Description
Read	Lets the user access this page. Note: The user may have Read access to a page, but still not have access to objects and documents on that page. Then, the user will not be able to access those objects and document through the page.

Overview of Subsystem Access

iKnowBase uses subsystem to categorize components used in the iKnowBase portal. Every subsystem may have an ACL which decides user access to manage components with the given subsystem.

This section describes which permissions apply to a subsystem.

Permissions that apply to a subsystem:

Property	Description
Read	Lets the user have access to manage components categorized with this subsystem. Note: A user may have Read access to the component itself. Then, the user will have access to the component, but not to manage it.

Security Administration
Previous		Next
User Administration		Metadata Administration

Previous	Top	Next
User Administration		Metadata Administration