Difference between revisions of "Content Security"
(Created page with "Category:Functions =Overview= The Content Security module is available from the Administration menu which is available to users with Administrator and Agency access rights...") |
|||
Line 20: | Line 20: | ||
===Server Security Setting=== | ===Server Security Setting=== | ||
Below is an example of the Security Settings for a Registry which is fully ‘public’. | Below is an example of the Security Settings for a Registry which is fully ‘public’. | ||
+ | |||
[[File:Consec1.PNG|1000px]] | [[File:Consec1.PNG|1000px]] | ||
+ | |||
+ | '''The options explained''' | ||
+ | |||
+ | {| class="wikitable" | ||
+ | |- | ||
+ | ! Setting !! Usage / Impact if Content Security Implemented | ||
+ | |- | ||
+ | | Server Security || '''Public''': Anonymous users can view structural metadata and data content in addition to authenticated users.<br> | ||
+ | |||
+ | '''Private''': Anonymous users are not allowed – all users must be authenticated before any content can be viewed.<br> | ||
+ | Applying Content Security rules further restricts what structural metadata and data users that do have access are able to see.<br> | ||
+ | |||
+ | This setting will be impacted by rules set up in Content Security as what users will see could be restricted due to the Security Groups and restrictions applied. | ||
+ | |- | ||
+ | | Data Validation || This setting relates to validating data loaded into Fusion Registry. It can be set to Private or restricted to via URL load only. This setting is not impacted by Content Security. | ||
+ | |- | ||
+ | | Data Reporting || This setting means that any one can view data published into the Registry.<br> | ||
+ | |||
+ | If set to Private, the Provision Agreements and related data can only be viewed by the Data Provider to which the Provision Agreement is assigned. Agency users can view all Provision Agreements assigned to their Agency and Administration users can view all Provision Agreements.<br> | ||
+ | |||
+ | |} |
Revision as of 04:52, 23 November 2020
Overview
The Content Security module is available from the Administration menu which is available to users with Administrator and Agency access rights. The module allows you to decide who, inside and outside your organisation, can view Structures and Data.
The module is simple and straight forward to use however before you embark on any implementation it is recommended that you spend some time planning out what you want to achieve before you start.
Principles of Operation
Depending on the setting specified in the Administration area, Security Settings, General, all structures are public by default. This means that you do not need to give specific access to any structures or data if you are using the Content Security module. The Security Module is to prevent access to the many by giving access to the few.
Key Concepts
- Content Security provides control over who can view structural metadata and observational data content.
- It does not control who can create and maintain structural metadata – this is managed by granting users membership of SDMX Agency organisations.
- It does not control who can submit, amend, or revise data – this is managed by granting users membership of SDMX Data Provider organisations.
- All structures and data are visible to all users unless Content Security rules are applied.
- The Server Security setting controls whether anonymous users are allowed in addition to authenticated users: Public – anonymous users are allowed, Private – only authenticated users.
- A Structure Rule restricts the visibility of a structure to members of specific Security Groups.
- Rules placed on a structure are inherited by any structures or data sets than depend on it.
- A Data Rule restricts the visibility of selected series or observations in a data set to members of a specific Security Groups.
Server Security Setting
Below is an example of the Security Settings for a Registry which is fully ‘public’.
The options explained
Setting | Usage / Impact if Content Security Implemented |
---|---|
Server Security | Public: Anonymous users can view structural metadata and data content in addition to authenticated users. Private: Anonymous users are not allowed – all users must be authenticated before any content can be viewed. This setting will be impacted by rules set up in Content Security as what users will see could be restricted due to the Security Groups and restrictions applied. |
Data Validation | This setting relates to validating data loaded into Fusion Registry. It can be set to Private or restricted to via URL load only. This setting is not impacted by Content Security. |
Data Reporting | This setting means that any one can view data published into the Registry. If set to Private, the Provision Agreements and related data can only be viewed by the Data Provider to which the Provision Agreement is assigned. Agency users can view all Provision Agreements assigned to their Agency and Administration users can view all Provision Agreements. |