360view xi3 new security concepts
TRANSCRIPT
-
8/14/2019 360view Xi3 New Security Concepts
1/33
New BOE Xi 3.x security
concepts
-
8/14/2019 360view Xi3 New Security Concepts
2/33
-
8/14/2019 360view Xi3 New Security Concepts
3/33
)ecurity $einition: User rights and restrictions=links between actors (user or
group) and universesuniverse overloads, documents, applications-security
commands, domains and stored procedures
)uper/isor:user centric! security vision
0ser centric security implementation
roup inheritance: "earest value selected
#nly 3 waysto implement security$ %asy to administrate
& user can belong to more than one group:ser instances
Eecti/e ri#ht calculation depending on ob'ect
BO5 or BO6 security: Reminder
-
8/14/2019 360view Xi3 New Security Concepts
4/33
1 BO5 or BO6 security concepts
2 BOE Xi R2 security concepts
3 BOE Xi 3.x security: Whats new
! "i#ration an$ i%p&e%entation: 'ha&&en#es
5 36()uite: )trea%&ine an$ exten$ )*+
BusinessO,-ects
-
8/14/2019 360view Xi3 New Security Concepts
5/33
BOE Xir2 security concepts:Folders
Under #% ir*, universes and documents are stored within o&$ers
#b'ects can be stored in one +older only$ here are +our +older trees
Think like Windows. It is a set of doors
Unlimited +older tree (documents universes)
-
8/14/2019 360view Xi3 New Security Concepts
6/33
-
8/14/2019 360view Xi3 New Security Concepts
7/33
BOE Xir2 security concepts:Users
& user can belong to more than one group (the %veryone group, a technical group
and a +unctional one)
-
8/14/2019 360view Xi3 New Security Concepts
8/33
-
8/14/2019 360view Xi3 New Security Concepts
9/33
BOE Xir2 security concepts:Rigts o!erloads
Explicit rights override inherited rights:
-
8/14/2019 360view Xi3 New Security Concepts
10/33
BOE Xir2 security concepts:Rigts
6 possible e1plicit values on security commands:
- Exp&icit&y #rante$(O4): User or group is given the right
- Exp&icit&y $enie$(4O): User or group is denied the right
- Not speciie$(N*): "o right assignment
Eecti/e ri#hts(user real rights) = e1plicit rights aggregation
Note: 0N) %eans 0Not )peciie$
N)! can be largely used because it does not have any e++ect on e++ective rights
calculation$ Used with O4! or 4O !, it is transparent
"S O# #O O#$"S
#O$"S
O#$#O
Xir2Object
s#O O# #O O# #O #O
-
8/14/2019 360view Xi3 New Security Concepts
11/33
1 BO5 or BO6 security concepts
2 BOE Xi R2 security concepts
3 BOE Xi 3.x security: Whats new
! "i#ration an$ i%p&e%entation: 'ha&&en#es
5 36()uite: )trea%&ine an$ exten$ )*+
BusinessO,-ects
-
8/14/2019 360view Xi3 New Security Concepts
12/33
BOE Xi %&x security: Generalin'o
New '"' interace: rainin# session nee$e$
No %o$iication on contents7actors:
- 0olders organi7ation remains the same: 8 +older trees
- "o change on groups structure
- 9till * category trees
- 9ervers and connections unchanged
New 8in$ o o,-ects: *ccess &e/e& are o,-ects &i8e others
- rede+ined &ccess ;evel ("&,
-
8/14/2019 360view Xi3 New Security Concepts
13/33
BOE Xi %&x security: Rigts
5ights are now divided in collection: .eneral, /ontent, &pplication and 9ystem
5ights have been duplicated on content: >undreds o+ rights
/ontent rights overload general rights
.eneral right set: 9chedule #b'ects prohibited
/ontent right
overloads .eneral settings: 9chedule 3eski 3ocuments
allowed
Net resu&t:
)che$u&e $ocu%ents not a&&owe$ except
9es8i $ocu%ents
-
8/14/2019 360view Xi3 New Security Concepts
14/33
-
8/14/2019 360view Xi3 New Security Concepts
15/33
BOE Xi %&x security: Uni!erseslist
.ranularity possible on accessible Universes
;ist o+ universes to re+resh documents:
;ist o+ universes to create?modi+y @ueries:
-
8/14/2019 360view Xi3 New Security Concepts
16/33
-
8/14/2019 360view Xi3 New Security Concepts
17/33
BOE Xi %&x security:Folder ineritance 2(2
2mpact on rights inheritance:
5ight only applied +or one door and not to sub
doorsB
-
8/14/2019 360view Xi3 New Security Concepts
18/33
BOE Xi %&x security:,neritance
2t is possible to override e1plicitly denied rights
2t is possible to e1plicitly deny a right at a top level and then e1plicitly granted the
same right at a lower level (without breaking inheritance like in i r*):
-
8/14/2019 360view Xi3 New Security Concepts
19/33
BOE Xi %&x security:Security settings
0irst door is no longer transparent
- Aou can no longer applied "& access level to all top level doors
Aou can apply multiple rights at one intersection
-
8/14/2019 360view Xi3 New Security Concepts
20/33
BOE Xi %&x security:E-ecti!e rigts
Eecti/e ri#hts (user real rights) = e1plicit rights aggregation
"ote: "9! means "ot speci+ied!
5ights inherited +rom groups$ /ould be multiple rights
%++ective rights calculation now also depends on:- 5ights set on /ontent
- ype o+ +older inheritance
"S O# #O O#$"S
#O$"S
O#$#O
Xi !.xObject
s#O O# #O O# #O #O
-
8/14/2019 360view Xi3 New Security Concepts
21/33
BOE Xi %&x security: .at/sne01
Aou can apply right at content level$ /ontent rights override general rights
Aou can override an e1plicitly denied right at a lower level
Aou can apply a right at +older level and at sub +olders level
Aou can apply multiple rights between a +older and a group
Aou can apply granularity on the list o+ universes you want to use +or
report creation or modi+ication
-
8/14/2019 360view Xi3 New Security Concepts
22/33
Xi it
-
8/14/2019 360view Xi3 New Security Concepts
23/33
Xi securityimplementation(migration:allenges
#% i 6$1 security model is power+ul
Understand the new security concepts
- ake advantage o+ them
- 5edesign your security model
/hallenges o+ security migration or implementation:
'ha&&en#e 1:
"ana#ethe repository post migration or post implementation, whilst limitingadministration tasks and by o++ering an optimum @uality o+ service to end-users
'ha&&en#e 2:
%p&e%ent an$ 9ocu%entyour i security
-
8/14/2019 360view Xi3 New Security Concepts
24/33
-
8/14/2019 360view Xi3 New Security Concepts
25/33
User +riendly web inter+ace to
manage your security
3ocument your deployed security
&udit and clean your /C9
&ddress any kind o+ .5/
-
8/14/2019 360view Xi3 New Security Concepts
26/33
ackup, version and restore content
5estore deleted content using our
uni@ue recycle bin
3rag and drop ob'ects between /C9or schedule promotion
/ompare 9& usiness#b'ects
environments
Canage report and universec
versions
-
8/14/2019 360view Xi3 New Security Concepts
27/33
)che$u&e )*+ BusinessO,-ects reports +rom an %1cel, /9< spreadsheet or a
9D; @uery distribution list
9yna%ic sche$u&in# an$ ,urstin#
- 0ill in prompts, +ilter, +ormat and destination values within %1cel, /9
-
8/14/2019 360view Xi3 New Security Concepts
28/33
-
8/14/2019 360view Xi3 New Security Concepts
29/33
-
8/14/2019 360view Xi3 New Security Concepts
30/33
-
8/14/2019 360view Xi3 New Security Concepts
31/33
/ompare your 9& # license
pool with the licenses you have
deployed
;icense compliance is 'ust a
mouse click away
-
8/14/2019 360view Xi3 New Security Concepts
32/33
9& usiness#b'ects custom
portals$ 2n+oview or 2 ;aunch ad
substitution
0ully integrated within intranet
-
8/14/2019 360view Xi3 New Security Concepts
33/33