
AquaLogic User Interaction Security

AquaLogic User Interaction Security. LiJie Senior SE. Module Roadmap. Users, Groups and Object Access. Knowledge Directory Security. Community Security. Admin Folder Security. Single Sign-On. Portal Users.

varden

Presentation Transcript


  1. AquaLogic User Interaction Security. LiJie, Senior SE

  2. Module Roadmap • Users, Groups and Object Access • Knowledge Directory Security • Community Security • Admin Folder Security • Single Sign-On

  3. Portal Users • The Portal administrator creates users in the Portal, or syncs users into the Portal • The user can then log in • Each user is defined by an object in the Portal (Figure: users George, Keith, Helen, Erica, Ben)

  4. Portal Groups • The Portal administrator creates and manages groups • A group has one or more members* • A user belongs to one or more groups (Figure: the groups Executive Community Members and Executive Community Managers, with users George, Helen, Christine, Jack, Jim) • All these users are in the Executive Community Members group • Helen is a member of two groups

  5. Portal Objects • Almost everything in the Portal is considered an object • Communities • Subcommunities • Portlets • Administrative folders • Document folders • Documents • Users • Groups … • Every object in the Portal has a list describing who can access that object – it is called an Access Control List (ACL)

  6. Access Control List • An Access Control List specifies which users and groups have access to an object (and what kind of access privileges they have … see next page) (Figure labels: Administrators Group; Executive Community Members; Executive Community Managers; Executive Community …; Administrator)

  7. Access Privileges • ACLs have privileges that specify what a user/group can do with an object

  8. Example: ACL for a Community Object (Figure labels: Groups, Access Privileges, User)

  9. Module Roadmap • Users, Groups and Object Access • Knowledge Directory Security • Community Security • Admin Folder Security • Single Sign-On

  10. Security Scenario #1 • The Knowledge Directory contains folders and objects (i.e., links to documents) within those folders • A user may be able to see some folders and not see others • If a user cannot see a folder, he cannot see or search for objects within that folder • Both folders and the objects within them are secured with ACLs

  11. Steps: View Document Folder Security • Steps to witness Knowledge Directory security • Log in as George, a member of the Executive team, and browse the Knowledge Directory • Log in as Keith, a member of Marketing, and view the Knowledge Directory • View security on the Document folder and explain what is happening • See next slides for details…

  12. Step 1: Log in as George. Log in as George, who is in the Executive Community Members group.

  13. Step 1: Browse the Directory. Choose Directory -> Browse Directory. Click on the Financials subfolder, inside the Executive folder.

  14. Step 1: Click a Link to a Document. Note that George can Submit links to this folder. The contents of the Financials subfolder display. Click on a link to see the underlying content. Click Back.

  15. Step 2: Log in as Keith. Log in as Keith, who is in the Marketing Community Members group.

  16. Step 2: Browse the Directory. Choose Directory -> Browse Directory. The Financials subfolder does NOT appear to Keith ???

  17. Step 3: View Document Folder ACL. Access Control List for the Financials folder (figure note: George is in this group). Conclusion: The group that Keith is in (Marketing Community Members group) is not listed on the ACL; therefore, he cannot see the Financials folder or any documents inside of it. George is in Executive Community Members; he can access, view and submit documents to the Financials folder.

  18. Access Levels: Folders, Objects in Folders • What ACLs mean to document folders • NONE: Cannot see folder • READ or SELECT: Can view the folder • EDIT: Can submit or crawl content into folder • ADMIN: Can approve documents for this folder • What ACLs mean on objects in folders • NONE: Cannot see object (search or browse) • READ or SELECT: Can view object • EDIT: Can overwrite object’s properties • ADMIN: Can edit the object’s ACL and delete object Note: You cannot update the content of a document in the Knowledge Directory

  19. Module Roadmap • Users, Groups and Object Access • Knowledge Directory Security • Community Security • Admin Folder Security • Single Sign-On

  20. Security Scenario #2 • Users can access a Community at various levels • Cannot see it at all (don’t know it exists) • Can browse the Community without joining it • Can join the Community and become a “member” • Can edit the Community • Can change the security settings • In scenario #2, you will see the difference between users with NONE, SELECT, EDIT and ADMIN access to a Community • Based on what you know about Access Control List privileges, which privileges do you think correspond to each above? READ, EDIT, SELECT, ADMIN, NONE

  21. Steps: Observe Community Security • Steps to experience Community security • Log in as George, and go to the Executive Community • Log in as Keith and (try to) join the Executive Community • Log in as Helen and join the Executive Community • Log in as Erica • View security on the Admin folders and explain what is happening • See next slides for details…

  22. Step 1: Log in as George. Log in as George, who is in the Executive Community Members group. Go to the Executive Community (George is already a member).

  23. Step 1: View the Community

  24. Step 2: Log in as Keith. Log in as Keith, who is in the Marketing Community Members group.

  25. Step 2: Join Executive Community. Attempt to join the Executive Community. Choose My Communities -> Join Communities. Since it is not listed, search for Executive Community, then click

  26. Step 2: Join Executive Community. Result: Nothing is returned from Keith’s search because he does not have access to the Executive Community. Click Cancel.

  27. Step 3: Log in as Helen. Log in as Helen, who is in the Executive Community Managers group. Go to the Executive Community (Helen is already a member).

  28. Step 3: View the Community. Result: Helen sees the Community and also has the option, Edit This Community; click on this link.

  29. Step 3: View Community Security. The Community editor appears … Helen can edit the Community. Click Security.

  30. Step 3: View Community Security. Result: Helen can view the security settings of the Community but she cannot change any security settings. Click Cancel.

  31. Step 4: Log in as Erica. Log in as Erica, who is in the Portal Managers group. Go to the Executive Community (Erica is already a member).

  32. Step 4: Edit the Community. Result: Like Helen, Erica sees the Community and also has the option, Edit This Community; click on the link.

  33. Step 4: Edit the Community. The Community editor appears … Erica can edit the Community. Click Security.

  34. Step 4: Edit Community Security. Result: Erica can CHANGE the security settings for this Community: add and delete users and groups on the ACL, and change the privileges. Click Cancel (please do not change any settings!). Figure notes: Helen is in this group; George is in this group; Erica is in this group. The group that Keith is in (Marketing Community Members group) is not on the ACL … therefore, he cannot view or join the Executive Community.

  35. Security Scenario #3 • There may be reasons to allow a user to view a Community without joining it • Differences to end user • Does not have to join and become a member • Community does not appear on My Communities tab • In the next example, Keith is in a group that has READ access to the Evergreen Community … see what happens!

  36. Log in as Keith. Log in as Keith, who is in the Marketing Community Members group. Try to join the Evergreen Community.

  37. Try to Join Evergreen Community. Search for Evergreen Community. Keith cannot JOIN the Community … but he knows it exists and that he should be able to see it! Click Cancel.

  38. Try to View Evergreen Community. Submit a Portal search … search for Evergreen Community. The Portal returns the Evergreen Community this time… Click on it.

  39. View the Evergreen Community Result: Keith is allowed to VIEW but not JOIN the Community

  40. Module Roadmap • Users, Groups and Object Access • Knowledge Directory Security • Community Security • Admin Folder Security • Single Sign-On

  41. Access Levels: Administrative Folders • Like Document folders, Administrative folders are secured • What ACLs mean to Administrative folders • NONE: User cannot see the folder • READ or SELECT: User can see the folder • EDIT: User can create objects in the folder • ADMIN: User can delete the folder and change folder security

  42. Steps: View Admin Folder Security • Steps to experience administrative folder security • Log in as StudentN and go to the Administration page; make a note of the folders you can see • Log in as Ben and go to the Administration page; make a note of the folders you can see • Log in as Erica and go to the Administration page; make a note of the folders you can see • View security on the Admin folders and explain what is happening • As StudentN, try to create an object in an administrative folder • See next slides for details…

  43. Step 1: Log in as StudentN. Log in as StudentN (where N is your student number), who is a member of a group called Students. Go to the Administration page.

  44. Step 1: Observe What StudentN Can See. Note that you can see a folder called Community Lab and one subfolder … StudentN, where N is your student number.

  45. Step 2: Log in as Ben. Log in as Ben, who is in the Sales Community Managers group. Go to the Administration page.

  46. Step 2: Observe What Ben Can See. Note that Ben cannot see the Community Lab or any of its subfolders ???

  47. Step 3: Log in as Erica. Log in as Erica, who is in the Portal Managers group. Go to the Administration page.

  48. Step 3: Observe What Erica Can See. Note that Erica can see the Community Lab folder and many subfolders…

  49. Step 4: View Folder Security. Security for the Community Lab folder (figure: folder tree showing Community Lab and StudentN; figure notes: Erica is in this group; StudentN is in this group). Do you think StudentN or Erica can create anything in this folder? Why or why not?

  50. Step 4: View Folder Security. Security for the StudentN Folder (figure: folder tree showing Community Lab and StudentN; figure note: StudentN is in this user… (where N is your student number)). Can StudentN create anything in the StudentN folder? Why or why not?
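
The ACL behaviour observed in Security Scenarios #1 to #3 (slides 10 to 39), modelled as an added Python example that is not part of the original presentation and is not AquaLogic code. The privilege given to each group, the cumulative ordering of the five levels and the highest-grant-wins rule are assumptions inferred from what each user could do in the walkthroughs; all function names are hypothetical.

```python
from enum import IntEnum

class Priv(IntEnum):
    """The five access levels named on the slides; cumulative ordering is assumed."""
    NONE = 0
    READ = 1
    SELECT = 2
    EDIT = 3
    ADMIN = 4

# Group membership as stated on the slides.
GROUPS = {
    "Executive Community Members": {"George", "Helen", "Christine", "Jack", "Jim"},
    "Executive Community Managers": {"Helen"},
    "Marketing Community Members": {"Keith"},
    "Portal Managers": {"Erica"},
}

# Constructed ACLs: privilege values are inferred from the observed behaviour.
ACLS = {
    "Financials folder": {"Executive Community Members": Priv.EDIT},
    "Executive Community": {
        "Executive Community Members": Priv.SELECT,
        "Executive Community Managers": Priv.EDIT,
        "Portal Managers": Priv.ADMIN,
    },
    "Evergreen Community": {"Marketing Community Members": Priv.READ},
}

def effective_privilege(user, obj):
    """Highest privilege granted to the user directly or through any group."""
    best = Priv.NONE  # default deny: principals not on the ACL get nothing
    for principal, priv in ACLS[obj].items():
        if principal == user or user in GROUPS.get(principal, set()):
            best = max(best, priv)
    return best

def community_actions(user, community):
    """Map the effective privilege to the behaviours seen in scenarios #2 and #3."""
    p = effective_privilege(user, community)
    return {
        "visible": p >= Priv.READ,
        "join": p >= Priv.SELECT,
        "edit": p >= Priv.EDIT,
        "change_security": p >= Priv.ADMIN,
    }

def principals_with(obj, minimum):
    """Audit helper: users whose effective privilege on obj is at least `minimum`."""
    users = set().union(*GROUPS.values())
    return sorted(u for u in users if effective_privilege(u, obj) >= minimum)
```

`principals_with` is the review an administrator would run before widening a group: adding a user to Executive Community Managers silently raises that user's access on every object whose ACL lists the group.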
