Database Level Security
Access Control List (ACL) of Instant
Queue Connections database should have the following entries
The user or server with which the database is signed should
have entry with access level of ‘Manager’, user type ‘Person’ or ‘Server’
respectively and with ‘[Admin]’ role enabled
A entry called ‘Anonymous’ should exist
with an access level of ‘No Access’, user type ‘unspecified’ and with no role
enabled
A entry called ‘-Default-‘ should exist
with an access level of ‘No Access’, user type ‘unspecified’ and with no role
enabled
Domino Server on which the database
is hosted should have an entry with access level of ‘Manager’, user type
‘Server’ and with ‘[Admin]’ role enabled
There must exist a entry of a user or
a group with access level of ‘Manager’ and of user type ’Person’ or ‘Person
group’ who will responsible for administrating the database. This entry should
also have ‘[Admin]’ role enabled
There must exist a entry of a user or a
group with access level of ‘Author’ with ‘Create Documents’ and of user type
’Person’ or ‘Person group’ who will be users of the application.
If Users require to act as Managers for specific Queue(s) who should be able to add/remove experts to Queue(s), then there must exist a entry of a user or a group with access level of ‘Editor’ with ‘Create Documents’ and of user type ’Person’ or ‘Person group’ (please refer to Queue Level Security section for more info on Managers of a Queue)
If Users require to act as Managers for specific Queue(s) who should be able to add/remove experts to Queue(s), then there must exist a entry of a user or a group with access level of ‘Editor’ with ‘Create Documents’ and of user type ’Person’ or ‘Person group’ (please refer to Queue Level Security section for more info on Managers of a Queue)
If Users needs to be restricted to view
only the ‘Measurements and Reporting’ section of the ‘Dash Board’ then there
must exist a entry of a user or a group with access level of ‘Author’ with
‘Create Documents’ and of user type ’Person’ or ‘Person group’ and with
‘[Charting]’ role enabled
If Users needs to be restricted to view
only the ‘Monitoring Panel’ section of the ‘Dash Board’ i.e the experts section
then there must exist a entry of a user or a group with access level of ‘Author’
with ‘Create Documents’ and of user type ’Person’ or ‘Person group’ and with
‘[Expert]’ role enabled
Queue Level Security
Users listed under Admin --> Settings --> Security can control the access to the Queue i.e these users have ability to
add or remove managers to a Queue who inturn can add or remove experts to that
Queue. These users can also edit/update other properties of the Queue
Before a user can be added to a queue as a manager,
they first need to be added to the application directory as ‘Manager’ under ADMIN --> Directory page
Users who will
be added as Managers to the queues should exist in the database ACL either as
user or in a group with with minimum access level of ‘Author’
If no user listed
as ‘Manager’ to a Queue then all the users who have access to the database can
view all the Queues and users have access level ‘Editor’ or above can edit all the
Queues.
If Managers are
defined for a Queue then the following users can read and edit that Queue
Users defined as
Managers for that Queue
Users specified in
the config settings security field
For rest of the
users who have access to the database cannot view this Queue in any of the
views and not even read their XML using URLs.
Suppose if a group
or user needs to be given access and should be able to view all Queues irrespective
of their names being specified or not in config settings or as managers of
Queue then they should be added to the ACL of the database with minimum access
of ‘Editor’ with ‘Create documents’ and ‘Admin’ role enabled.
The following is
the summary of Queue level access with respect to different roles in the
database
Role
|
Create Queues
|
Edit Queues
|
[Charting]
|
No
|
No
|
[Expert]
|
No
|
Yes (Can edit a Queue if he is in Managers
list and have minimum of Editor Access to the database)
|
No role defined
|
No
|
Yes (Can edit a Queue if he is in Managers
list and have minimum of Editor Access to the database)
|
[Admin]
|
Yes
|
Yes (User should have minimum of Editor
Access to the database)
|
Manager Panel
Users should be listed under Admin --> Settings --> Security to view and manage Queues using ‘Manager Panel’ of ‘DashBoard’ section.
No comments:
Post a Comment