Record Level Security
From Strategy to Implementation at Museum Victoria
Donna Fothergill and Lee-Anne Raymond
MV Strategy
• Consider the security design currently in place.
• What does RLS do that is different?
• What do the users want?
• Uses for RLS at MV?
• Is RLS for ‘Everybody’ / every situation after all?
MV Security
A range of security measures are used at Museum Victoria
• User permissions
• Data Partitions
  - Column access/default registry settings
  - Roles field in Parties
  - Repository field in MMR
• Tab switching
• Record Level Security
Data Partitions
Column Access – Default Settings
Department, Discipline, User
Data Partitions
Parties Module
Partitioned & Shared By Roles
Data Partitions
• MMR
Partitioned by Repository and Registry security setting. Access is restricted to users and/or groups.
Tab Switching
• Reduce access to sensitive information without RLS.
This setting keeps access to the record “closed” by reducing the tabs on display to just one and “hiding” the rest using “Tab Switch”. Query tabs are still available. Only groups with permission will see the full record. All users can still see that this type of record exists; only those with permission may see the full contents of records.
What does RLS do that is different?
RLS can build on your existing user/group permissions by:
• providing the ability to restrict a group of records within a department/discipline
• allowing users to “share” ownership of records
• providing users with access to collections of records they would not normally have access to
What do the users want?
• Ability to partition data according to discipline or department
• Ability to share but control the content within their own records
• Ability to see and share another department's records
Uses for RLS at MV?
• Taxonomy
• Transactions
• Exhibition Objects
• Restricted and Secured Groups of Records, e.g. Culturally Restricted artifacts
• Integrating systems to share assets, e.g. Digital Asset Management System
• ‘Relax’ a restriction
Uses for RLS at MV
• Taxonomy module – open and with permission to do anything at all until… RLS
• Taxonomy is still open but security refined. Editing and deletion locked where needed.
Uses for RLS at MV
Transactions Module
RLS
To share & control from the outset.
Uses for RLS at MV
Exhibition Objects Module
Triage Access Permissions
Uses for RLS at MV
Culturally restricted – records hidden to all but a few
Tab Switch
Controlled & Shared or Hidden
Uses for RLS at MV
Digital Asset Management System (DAMS)
Uses for RLS at MV?
• Taxonomy
• Transactions
• Exhibition Objects
• Restricted and Secured Groups of Records, e.g. Culturally Restricted artifacts
• Integrating systems to share assets, e.g. Digital Asset Management System
• ‘Relax’ a restriction, e.g. DNA Laboratory Data
Challenges
• Implementing significant change within a functioning environment
• Grouping data into Departments/Disciplines in preparation for setting RLS on existing records
• Loosening security in order to tighten security
• Ensuring that RLS is set correctly when a new record is inserted
• Hiding records - is this the best option?
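The challenge of ensuring RLS is set correctly on newly inserted records can be checked with a periodic audit. The sketch below is an added example, not EMu code or anything from the presentation: it assumes a simplified model in which each record carries a list of groups per operation (display, edit, delete), and the department names, group names, defaults and records are all constructed.

```python
from dataclasses import dataclass, field

OPS = ("display", "edit", "delete")

# Constructed department defaults (assumption): the groups a newly inserted
# record should carry for each operation.
DEFAULTS = {
    "Sciences":   {"display": {"Everyone"},   "edit": {"Sciences"},   "delete": {"Admin"}},
    "Humanities": {"display": {"Restricted"}, "edit": {"Restricted"}, "delete": {"Admin"}},
}

@dataclass
class Record:
    rid: int                                   # hypothetical record identifier
    department: str
    acl: dict = field(default_factory=dict)    # operation -> set of group names

def allowed(record, user_groups, op):
    """Fail closed: an unset or empty list for an operation grants nothing."""
    return bool(record.acl.get(op, set()) & set(user_groups))

def visible(records, user_groups):
    """Ids the user can see at all; hidden records are simply absent."""
    return [r.rid for r in records if allowed(r, user_groups, "display")]

def audit(records):
    """Flag records whose lists are unset or wider than the department default."""
    findings = []
    for r in records:
        expected = DEFAULTS.get(r.department)
        if expected is None:
            findings.append((r.rid, "*", "no default for department"))
            continue
        for op in OPS:
            actual = r.acl.get(op, set())
            if not actual:
                findings.append((r.rid, op, "unset"))
            elif actual - expected[op]:
                findings.append((r.rid, op, "wider than default"))
    return findings

# Constructed sample records; record 3 was inserted without the defaults.
RECORDS = [
    Record(1, "Sciences", {"display": {"Everyone"}, "edit": {"Sciences"}, "delete": {"Admin"}}),
    Record(2, "Humanities", {"display": {"Restricted"}, "edit": {"Restricted"}, "delete": {"Admin"}}),
    Record(3, "Humanities", {"display": {"Everyone"}, "edit": {"Restricted"}}),
]

if __name__ == "__main__":
    print(visible(RECORDS, {"Everyone"}))
    print(audit(RECORDS))
```

Record 3 shows both failure modes at once: a restricted record left visible to everyone, and a delete list that was never populated.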
Benefits
• Users evolving into more sophisticated ‘sharers’
• Cultural shift to more open attitudes towards data access
• Significant user satisfaction with a more flexible and secure data model
• Security significantly improved or made more robust
• Ability to utilise RLS to assist with integration projects such as the MV DAMS
• Promoting the sharing of data between disciplines
Is RLS for Everybody/Every Situation After All?
• RLS is not for every situation.
• Each unique EMu site will have its own challenges.
• RLS is useful and can help, but will not solve all your access and restriction issues.
• A solid structure to begin with will support your implementation of RLS.