Security Rules were introduced with Vizlib Server v1.6.0. and can be created and maintained in the Vizlib Management Console (VMC). Security rules can be applied to features within Vizlib Collaboration and Vizlib Finance, including streams, destinations, workflows and user roles, helping you manage access to your server configuration and user data and set user permissions.
TABLE OF CONTENTS
Creating a New Security Rule
Security Rules are found in the VMC under Security Rules (Figure 1). Clicking the Description will open the rule for editing, while clicking New Rule will open the Create Security Rule window.
Figure 1: Security Rules Menu
When you create a security rule, you'll need to enter values for the items listed here.
- Description - A unique name for your security rule.
- Resource Type - The VMC feature which selects the security rule settings - Teamwork Stream, Finance Stream, Writeback Destination, Workflow or User Role (only available for Root Admin and Admin users).
- Resource ID - A list of Resource Type instances where your security rule is applied.
- Teamwork Stream/Finance Stream - select from a list of available streams.
- Writeback Destination - select from a list of available destinations.
- Workflow - select from a list of available Workflows.
- User Role - select a VMC user role from Root Admin, Admin or Content Admin. You can find our more about user roles here.
- Access Level - A property controlling access to the resource.
- Teamwork Stream/Finance Stream - Read, Write or Admin.
- Writeback Destination - Write.
- Workflows - Approver.
- Condition(s) - Logical condition describing when the security rule should be met (e.g. assigning access to a specific user) - Attribute Type, Operator, Value. Conditions can be defined using the following user attributes - userId, userDirectory, name, roles, a custom property and user attributes (stored within QRS).
Note: Dynamic user attributes (available only per session) are not supported.
Figure 2 shows a rule where Write access for a Teamwork Stream is only granted to users from the VlZLIB user directory.
Figure 2: Create Security Rule
Conditions
Each Security Rule can contain one or more conditions. There are several actions you can perform on a condition to group them in unlimited ways (Figure 3).
Figure 3: Conditions Menu
- Create Child Group - Creates condition group one level below. Imagine that you have condition A and B. Creating a child group on condition A would result in creating brackets around it (A) and B
- Move to Child Group - Considering condition (A) and B, the operation performed on condition B would result in (A and B)
- Move to parent group - Performing this operation while having (A and B) on condition A would result in A and (B)
- Move group up - Considering conditions (A and B) or (C and D), performing this operation on C would result in (A and B and C) or (D)
- Move group down - Works similar to the Move group up option, but in the other direction.
User Access Levels
Security rules can be applied to resources to manage user access levels.
- Teamwork Stream / Finance Stream - If Secure Stream is enabled in the stream settings, users cannot access the stream unless they are granted Read, Write or Admin permissions in a security rule.
- Writeback Destination - If Secure Destination is enabled in the destination settings, users cannot access the destination unless they are granted Write access in a security rule.
- Workflow - If a workflow state has a Visibility setting of Limited, users cannot view these settings unless they are granted Approver permissions in a security rule.
- User Role - Access levels for users can be viewed in User Roles. For more information on user role permissions, please see our article here.
Figure 4 shows a Finance Stream with Secure Stream enabled, and the tooltip instructions to create a security rule to manage access.
Figure 4: Finance Stream User Access
Vizlib Server Migration (Below v1.6.0)
If you have a version of Vizlib Server below v1.6.0 installed, a migration will occur during the upgrade which will automatically create certain security rules, based on existing custom properties. This will allow you to safely upgrade without taking any further action. When the migration completes, your user access settings will be unchanged.