Wednesday, February 1, 2012

IQM V4 Database and Queues Security

Database Level Security





The Access Control List (ACL) of the Instant Queue Connections database should have the following entries:

The user or server with which the database is signed should have an entry with an access level of ‘Manager’, user type ‘Person’ or ‘Server’ respectively, and with the ‘[Admin]’ role enabled.

An entry called ‘Anonymous’ should exist with an access level of ‘No Access’, user type ‘unspecified’ and with no role enabled.

An entry called ‘-Default-’ should exist with an access level of ‘No Access’, user type ‘unspecified’ and with no role enabled.

The Domino Server on which the database is hosted should have an entry with an access level of ‘Manager’, user type ‘Server’ and with the ‘[Admin]’ role enabled.

There must exist an entry for a user or a group with an access level of ‘Manager’ and a user type of ‘Person’ or ‘Person group’ who will be responsible for administering the database. This entry should also have the ‘[Admin]’ role enabled.

There must exist an entry for a user or a group with an access level of ‘Author’ with ‘Create Documents’ and a user type of ‘Person’ or ‘Person group’ who will be the users of the application.


If users need to act as Managers for specific Queue(s) and be able to add/remove experts to those Queue(s), then there must exist an entry for a user or a group with an access level of ‘Editor’ with ‘Create Documents’ and a user type of ‘Person’ or ‘Person group’ (please refer to the Queue Level Security section for more information on Managers of a Queue).

If users need to be restricted to viewing only the ‘Measurements and Reporting’ section of the ‘Dash Board’, then there must exist an entry for a user or a group with an access level of ‘Author’ with ‘Create Documents’, a user type of ‘Person’ or ‘Person group’, and with the ‘[Charting]’ role enabled.

If users need to be restricted to viewing only the ‘Monitoring Panel’ section of the ‘Dash Board’, i.e. the experts section, then there must exist an entry for a user or a group with an access level of ‘Author’ with ‘Create Documents’, a user type of ‘Person’ or ‘Person group’, and with the ‘[Expert]’ role enabled.
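
As an added example (not part of the original post and not IQM's own code), the following Python audits an exported ACL against the required entries listed above. The dictionary field names, the helper names and every sample entry are assumptions constructed for illustration.

```python
# Added example: audit an exported ACL against the baseline entries in this post.
# The dict field names and every sample entry below are constructed.

def audit_acl(entries, signer, server):
    """Return a list of findings; an empty list means the baseline is met."""
    by_name = {e["name"]: e for e in entries}
    findings = []

    # 'Anonymous' and '-Default-' must exist with No Access and no roles.
    for name in ("Anonymous", "-Default-"):
        e = by_name.get(name)
        if e is None:
            findings.append(f"{name}: entry missing")
        elif e["level"] != "No Access" or e["type"] != "Unspecified" or e["roles"]:
            findings.append(f"{name}: must be No Access, Unspecified, no roles")

    # The signer and the hosting server need Manager with [Admin].
    for name, types in ((signer, ("Person", "Server")), (server, ("Server",))):
        e = by_name.get(name)
        if e is None:
            findings.append(f"{name}: entry missing")
        elif e["level"] != "Manager" or e["type"] not in types or "[Admin]" not in e["roles"]:
            findings.append(f"{name}: must be Manager with [Admin]")

    people = [e for e in entries if e["type"] in ("Person", "Person group")]
    if not any(e["level"] == "Manager" and "[Admin]" in e["roles"] for e in people):
        findings.append("no Person/Person group administrator (Manager, [Admin])")
    if not any(e["level"] == "Author" and e["create_docs"] for e in people):
        findings.append("no Author entry with Create Documents for application users")

    # The post lists every Author and Editor entry with 'Create Documents'.
    for e in people:
        if e["level"] in ("Author", "Editor") and not e["create_docs"]:
            findings.append(f"{e['name']}: Author/Editor entry lacks Create Documents")
    return findings

def entry(name, level, type_, roles=(), create_docs=False):
    return {"name": name, "level": level, "type": type_,
            "roles": list(roles), "create_docs": create_docs}

SAMPLE_ACL = [  # constructed sample, not taken from a real database
    entry("Anonymous", "No Access", "Unspecified"),
    entry("-Default-", "Reader", "Unspecified"),                 # too permissive
    entry("Server1/Example", "Manager", "Server", ["[Admin]"]),
    entry("IQM Admins", "Manager", "Person group", ["[Admin]"]),
    entry("IQM Users", "Author", "Person group", create_docs=True),
    entry("Queue Managers", "Editor", "Person group"),           # no Create Documents
]

if __name__ == "__main__":
    for finding in audit_acl(SAMPLE_ACL, "Server1/Example", "Server1/Example"):
        print(finding)
```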

Queue Level Security

Users listed under Admin --> Settings --> Security can control access to the Queue, i.e. these users can add or remove managers for a Queue, who in turn can add or remove experts for that Queue. These users can also edit/update other properties of the Queue.










Before a user can be added to a queue as a manager, they first need to be added to the application directory as ‘Manager’ under the ADMIN --> Directory page.



Users who will be added as Managers to the queues should exist in the database ACL, either as a user or in a group, with a minimum access level of ‘Author’.

If no user is listed as ‘Manager’ for a Queue, then all the users who have access to the database can view all the Queues, and users who have an access level of ‘Editor’ or above can edit all the Queues.

If Managers are defined for a Queue, then the following users can read and edit that Queue:
- Users defined as Managers for that Queue
- Users specified in the config settings security field

The rest of the users who have access to the database cannot view this Queue in any of the views and cannot even read its XML using URLs.

If a group or user needs to be able to view all Queues, irrespective of whether their names are specified in the config settings or as managers of a Queue, then they should be added to the ACL of the database with a minimum access level of ‘Editor’ with ‘Create documents’ and the ‘Admin’ role enabled.

The following is a summary of Queue level access with respect to the different roles in the database:

| Role | Create Queues | Edit Queues |
|---|---|---|
| [Charting] | No | No |
| [Expert] | No | Yes (can edit a Queue if the user is in the Managers list and has a minimum of Editor access to the database) |
| No role defined | No | Yes (can edit a Queue if the user is in the Managers list and has a minimum of Editor access to the database) |
| [Admin] | Yes | Yes (user should have a minimum of Editor access to the database) |



Manager Panel

Users should be listed under Admin --> Settings --> Security to view and manage Queues using the ‘Manager Panel’ of the ‘DashBoard’ section.





