How do you work with advanced security in cattaDoc

cattaDoc: Advanced Security in Practice

With advanced security enabled - see how to do it below - each object in cattaDoc has its own access rights - or permissions - defined by the object's Access Control List, or ACL. What does this mean in practice?

  Who can create new objects and what happens  

All users in the author or system administrator categories in basic security can create new objects.

When you create a new object, the following security-related data are defined by default:

  • Owner = The creator
  • Group = The creator's primary group
  • Group permissions = Author
  • Permissions for others = Reader

You can change these settings afterwards by clicking the Access button in the object's book display, see below. Every change in permissions is timestamped, and the initials of the user making the change are also recorded for tracking purposes.

  Who can read which objects  

The following criteria define whether a given user can read an existing object, including whether the object is displayed in search results and in object relations:

  1. The user is a System administrator (basic security) - or
  2. Only basic security enabled and the user is at least Reader - or
  3. Advanced security enabled and the user is at least Reader and is the object owner - or
  4. Advanced security enabled and the user is at least Reader and is assigned to a group with at least reader permissions for the object - or
  5. Advanced security enabled and the user is at least Reader and other groups have at least reader permissions for the object

  Who can write which objects, i.e. update information and relations

The following criteria define whether a given user can update an existing object, including changing the object's relations to other objects:

  1. The user is a System administrator (basic security) - or
  2. Only basic security enabled and the user is an Author - or
  3. Advanced security enabled and the user is an Author and the user is the object owner - or
  4. Advanced security enabled and the user is an Author and is assigned to a group with at least author permissions for the object - or
  5. Advanced security enabled and the user is an Author and other groups have at least author permissions for the object

  Who can change object permissions

The following criteria define whether a given user can change an object's permissions / access rights. Advanced security must be enabled, and at least one of the following criteria must be met:

  1. The user is a System administrator (basic security) - or
  2. The user is the object owner - or
  3. The user is assigned to a group with system administration permissions for the object - or
  4. Other groups have system administration permissions for the object
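
The read, write and change-permission criteria above, modelled in Python as an added example (not cattaDoc's own code). The class and function names, level 3 for system administration and level 0 for "no access" are assumptions of this sketch; levels 1 and 2 follow the CDOACL and CDGACL defaults described further down.

```python
from dataclasses import dataclass, field

# Levels 1 (Reader) and 2 (Author) follow the page's CDOACL/CDGACL defaults.
# 3 for system administration and 0 for "no access" are assumptions here.
NONE, READER, AUTHOR, SYSADMIN = 0, 1, 2, 3

@dataclass
class User:
    initials: str
    category: int                 # basic-security category
    primary: str                  # primary security group
    groups: set = field(default_factory=set)

@dataclass
class Obj:
    owner: str
    group: str
    group_perm: int = AUTHOR      # default group permissions = Author
    other_perm: int = READER      # default permissions for others = Reader

def new_object(creator):
    """Creation defaults: owner = creator, group = creator's primary group."""
    return Obj(owner=creator.initials, group=creator.primary)

def _acl_grants(user, obj, level):
    """ACL criteria: object owner, member of the object's group, or 'others'."""
    return (user.initials == obj.owner
            or (obj.group in user.groups and obj.group_perm >= level)
            or obj.other_perm >= level)

def can_read(user, obj, advsec=True):
    if user.category >= SYSADMIN:          # system administrators always pass
        return True
    if user.category < READER:             # basic category is checked first
        return False
    return _acl_grants(user, obj, READER) if advsec else True

def can_write(user, obj, advsec=True):
    if user.category >= SYSADMIN:
        return True
    if user.category < AUTHOR:             # a Reader never writes, whatever the ACL
        return False
    return _acl_grants(user, obj, AUTHOR) if advsec else True

def can_change_permissions(user, obj, advsec=True):
    if not advsec:                         # only defined with advanced security
        return False
    return user.category >= SYSADMIN or _acl_grants(user, obj, SYSADMIN)
```

The basic-security category acts as a ceiling: the ACL can narrow what an Author or Reader may do, but it never lets a Reader write.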

  Security groups

At installation, cattaDoc only contains one security group: Everyone.

System administrators can create new groups by selecting Security Groups in the System administration menu. Here you can also deactivate groups.

  Assigning users to groups  

A new input element has been added to the user administration forms in System administration: Assign user to security groups. It has two parts:

  1. Assign user to available security groups
  2. Select primary group

Only assigned groups can be selected as the primary group, i.e. you have to save the group assignments before defining the primary group.

This form is accessible from the user search form by clicking Edit in the Adv.sec. column.

  How to enable advanced security  

Advanced security is not enabled by default when you install cattaDoc. You will have to enable it yourself.

The only thing you have to do to enable advanced security is to change the value of the constant CDADVSEC in the configuration file system/cdStart4.inc.php and define it as 'yes'.

At the same time, do consider if the default values for the constants

  • CDGACL defining the default value for advanced security permissions for own group (it is '2' for author permissions) and
  • CDOACL defining the default value for advanced security permissions for others - not own group - (it is '1' for Reader permissions)

suit your needs. If not, change them in the same configuration file system/cdStart4.inc.php.

With advanced security enabled, the security cookie values are encrypted, so they are more difficult to tamper with. The key used for encryption is defined in the constant CDENCKEY, also in system/cdStart4.inc.php. Change it!