Security Rules were introduced with Vizlib Server v1.6.0. and can be created and maintained in the Vizlib Management Console (VMC). Security rules can be applied to features within Vizlib Collaboration and Vizlib Finance, including streams, destinations, workflows and user roles, helping you manage access to your server configuration and user data and set user permissions.
TABLE OF CONTENTS
Creating a New Security Rule
Security Rules are found in the VMC under Security Rules (Figure 1). Clicking the Description will open the rule for editing, while clicking New Rule will open the Create Security Rule window.
Figure 1: Security Rules Menu
When you create a security rule, you'll need to enter values for the items listed here.
- Description - A unique name for your security rule.
- Resource Type - The VMC feature which selects the security rule settings - Teamwork Stream, Finance Stream, Writeback Destination, Workflow, Integration, Teamwork Workspace, Finance Workspace, Lock Group and User Role (only available for Root Admin and Admin users).
- Resource ID - A list of Resource Type instances where your security rule is applied.
- Teamwork Stream/Finance Stream - select from a list of available streams.
- Teamwork Workspace/Finance Workspace - select from a list of available workspaces.
- Writeback Destination - select from a list of available destinations.
- Workflow - select from a list of available workflows.
- Integration - select from a list of available integrations.
- Lock Group - select from a list of available lock groups.
- User Role - select a VMC user role from Root Admin, Admin, or Content Admin. You can find our more about user roles here.
- Access Level - A property which controls the type of user access to the resource.
- Condition(s) - A logical condition describing when the security rule should be met (e.g. assigning access to a specific user) using the properties Attribute Type, Operator, Value. Conditions can be defined using the following user attributes - userId, userDirectory, name, roles, a custom property and user attributes (stored within QRS).
Note: Dynamic user attributes (available only per session) are not supported.
Figure 2 shows a rule where the Write access level for a Teamwork Stream is only granted to users from the VlZLIB user directory.
Figure 2: Create Security Rule
Each Security Rule can contain one or more conditions. There are several actions you can perform on a condition to group them in unlimited ways (Figure 3).
Figure 3: Conditions Menu
- Create Child Group - Creates condition group one level below. Imagine that you have condition A and B. Creating a child group on condition A would result in creating brackets around it - (A) and B
- Move to Child Group - Considering condition (A) and B, the operation performed on condition B would result in (A and B)
- Move to parent group - Performing this operation while having (A and B) on condition A would result in A and (B)
- Move group up - Considering conditions (A and B) or (C and D), performing this operation on C would result in (A and B and C) or (D)
- Move group down - Works similar to the Move group up option, but in the other direction.
User Access Levels
Security rules can be created to help manage resources by applying an Access Level to users.
- Teamwork Stream / Finance Stream - If Secure Stream is enabled in the stream settings, users cannot access the stream without Read, Write or Admin permissions.
- Writeback Destination - If Secure Destination is enabled in the destination settings, users cannot access the destination without Write access.
- Workflow - If a workflow state has a Visibility setting of Limited, users cannot view these settings unless they are granted Approver permissions in a security rule.
- User Role - Access levels for users can be viewed in User Roles. For more information on user role permissions, please see our article here.
Resource owners can also create a rule which grants VMC Admin access to allow other Content Admin users to manage the resource. VMC Admin rights are available for streams, destinations, workspaces and integrations.
Figure 4 shows a Finance Stream with Secure Stream enabled, and the tooltip instructions to create a security rule to manage access.
Figure 4: Finance Stream User Access
Vizlib Server Migration (Below v1.6.0)
If you have a version of Vizlib Server below v1.6.0 installed, a migration will occur during the upgrade which will automatically create certain security rules, based on existing custom properties. This will allow you to safely upgrade without taking any further action. When the migration completes, your user access settings will be unchanged.