collections management museums record level security brad lickman ke software
TRANSCRIPT
Collections Management Museums
Record Level Security
Record Level Security
Brad Lickman
KE Software
Collections Management Museums
Record Level Security
What is Record Level Security?
• Record Level Security (introduced in EMu 3.1) provides a mechanism to enhance currently available methods of controlling access to the EMu database.
• Record Level Security controls who can Display, Edit or Delete are record.
• Record Level Security is managed on the Security tab in every module (except Lookup Lists and Field Level Help).
Collections Management Museums
Record Level Security
How To:Change Permissions on One Record
Select the newly added user in the ‘Security’ pane and give permissions as appropriate.
In this case the ‘Display’ option in the ‘Permissions’ pane is not editable due to Inheritance.
Collections Management Museums
Record Level Security
How To:Change Permissions on a Group of Records
1. Query for the group of records that are to have the same Record Level Security permissions.
2. For one record, set the appropriate permissions.
3. Save the record.
4. Select Tools->Set Record Security->All Records
(The option to set permissions for selected records is also available)
5. EMu will prompt for confirmation. Once the confirmation is given the changes to Record Level Security will be made.
Collections Management Museums
Record Level Security
Why Add Record Level Security?
Record Level Security was added to EMu because there was a
demand for a mechanism to:
• “Hide” privileged records.
• Provide the ability to segment data sets and assign privileges to a segment.
• Enforce identical record access for all forms of data access.
Collections Management Museums
Record Level Security
Hiding Privileged Records
• Certain records in a collection could be considered “secret” or “sacred”.
• A mechanism was required to restrict all access to these records to a select few with appropriate permissions.
• Record Level Security was designed to allow administrators to restrict access to any record based on real-world restrictions.
Collections Management Museums
Record Level Security
Hiding Privileged Records
Removing ‘Everyone’ from the Security window on the Security tab
and adding the Group ‘Admin’ will prevent all users not in the
‘Admin’ group from accessing this record.
Collections Management Museums
Record Level Security
Segmenting Data Sets
• Record Level Security provides the ability to segment data sets by department.
• It may be desirable that only members of a specific department should be able to edit/delete that department’s records.
• In the next example it has been decided that all members of the ‘Curators’ group can display all records, but only curators in each department can edit/delete that department’s records.
Collections Management Museums
Record Level Security
Segmenting Data Sets
Criteria in both the Security box AND the Department box must be met to gain complete access to this record. Curators who are also in the Fine Art Department will have Display, Edit and Delete permissions. All other Curators will only have Display permissions.
Associating a User/Group with a particular Department is managed through the EMu Registry.
Collections Management Museums
Record Level Security
Duplicating Record Access in EMuWeb
• Access to the live EMu database through the EMu client is controlled through Record Level Security.
• Access to the EMu database through EMuWeb should mimic access defined through Record Level Security.
• Record Level Security allows administrators to define web access.
Collections Management Museums
Record Level Security
Duplicating Record Access in EMuWeb
• Options in the ‘Access’ pane can be configured to control access to records via EMuWeb.
This record can be viewed on the Intranet but not from the Internet.
Collections Management Museums
Record Level Security
Common Uses for Record Level Security
• “Hide” privileged records.
• Provide the ability to segment data sets and assign privileges to a segment.
• Enforce identical record access for all forms of data access, specifically, EMuWeb.
Collections Management Museums
Record Level Security
Troubleshooting Record Level Security
Why can't I locate records I know are there? Why, using the same search criteria, are my search results different from those of my colleague?
If a user does not have permission to view a record, it won't be listed in search results.
Why does this Attachment Field display as "Restricted"?
If the Summary Data in an attachment field has been replaced with "Restricted", the current user does not have permission to view the attached record.If the user sorts on the attachment field or includes the attachment field in a report, the field will display without any data.
Collections Management Museums
Record Level Security
One thing to remember!
Turning off permissions
A user can turn off their own privileges, but they can not turn them
back on again.
Only the EMu administrator can reassign permissions.
Collections Management Museums
Record Level Security
Contact
Brad Lickman
416-216-4615