cattaDoc security: Basic security and Advanced security

Basic Security and Advanced Security

cattaDoc has had basic security from the beginning, in version 1. Version 2 adds advanced security. Advanced security is optional: you have to enable it to take advantage of its facilities.

Basic Security

Basic security is enabled by default in cattaDoc. It divides all users in cattaDoc into 3 categories:

  • Readers: They are the users who can read everything in cattaDoc, but cannot change anything. Neither can they create new documents.
  • Authors: These users have read & write permissions in cattaDoc: They can read everything and they can change all objects, including creating new documents, projects, companies and contact persons.
  • System administrators: They are "root" users in cattaDoc - they can do anything, including changing and creating master data as well as changing and creating users in cattaDoc. They have access to System Administration (in the Search screen menu).

Advanced Security

Advanced security is built on top of basic security. It does not replace basic security, but enhances it. Advanced security adds granularity to basic security: With advanced security you can define permissions or access control lists (ACL) for every individual object in cattaDoc. You can define that a certain group of users has author rights to a document, while others only have reader rights or cannot even see it. And this is not limited to documents: It also includes projects, companies and contact persons.

Advanced security is based on the Unix/Linux security scheme, where each object belongs to one group so that you can define access rights for users belonging to this group combined with another set of access rights for all others. The access rights - or permissions - are:

  1. No access - cannot even see the object
  2. Reader - read-only
  3. Author - read/write
  4. System administration - read/write/change permissions

These permissions can be defined for own group and for others, i.e. for all other groups. One typical scenario is where own group has author access and others have reader access.

In addition, all objects have an owner, by default the object creator. The owner can always change permissions for the object, even though the group he or she is assigned to may only have author permissions.

Users belong to one or more groups. For access rights, all the groups are equal. One of the groups, however, is defined as the user's primary group. Objects created by the user inherit the user's primary group by default. This can, however, be changed afterwards.

Basic security still applies when working with advanced security:

  • Users in the reader category in basic security can only read objects irrespective of object ownership or access control lists allowing more than reading.
  • Only users in the author or system administrator categories in basic security can create new objects.
  • System administrators in basic security have access to everything irrespective of group membership, including change of object permissions. They are still "root" users in advanced security.
  • Even with advanced security enabled, system administrators in basic security are the only ones with access to System Administration (in the Search screen menu).

Read more about how you work with advanced security in cattaDoc.
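How the basic category, object ownership and the group/others permissions combine into one effective permission, as an added example (not cattaDoc's own code). The class and function names, the sample users, the default permissions in `create` and the order in which the rules are applied are assumptions made for illustration.

```python
from dataclasses import dataclass
from enum import IntEnum

class Perm(IntEnum):       # the four access rights listed above
    NONE = 1               # cannot even see the object
    READER = 2             # read-only
    AUTHOR = 3             # read/write
    ADMIN = 4              # read/write/change permissions

@dataclass(frozen=True)
class User:
    name: str
    category: Perm         # basic security: READER, AUTHOR or ADMIN
    groups: frozenset      # all groups count equally for access rights
    primary_group: str     # inherited by objects the user creates

@dataclass
class Obj:
    owner: str
    group: str
    group_perm: Perm       # permission for the object's own group
    others_perm: Perm      # permission for all other groups

def create(user, group_perm=Perm.AUTHOR, others_perm=Perm.READER):
    """New object: creator becomes owner, group is the creator's primary group."""
    if user.category < Perm.AUTHOR:
        raise PermissionError("readers cannot create objects")
    return Obj(user.name, user.primary_group, group_perm, others_perm)

def effective(user, obj):
    """Effective permission of user on obj under advanced security."""
    if user.category == Perm.ADMIN:     # "root": group membership is irrelevant
        return Perm.ADMIN
    if user.name == obj.owner:          # owner can always change permissions
        acl = Perm.ADMIN
    elif obj.group in user.groups:
        acl = obj.group_perm
    else:
        acl = obj.others_perm
    # Assumption: a basic reader is capped at READER whatever the ACL grants.
    cap = Perm.READER if user.category == Perm.READER else Perm.ADMIN
    return min(acl, cap)

# Constructed sample users and one object hidden from other groups.
alice = User("alice", Perm.AUTHOR, frozenset({"mgmt"}), "mgmt")
bob = User("bob", Perm.AUTHOR, frozenset({"eng"}), "eng")
carol = User("carol", Perm.READER, frozenset({"mgmt"}), "mgmt")
dave = User("dave", Perm.AUTHOR, frozenset({"eng", "mgmt"}), "eng")
root = User("root", Perm.ADMIN, frozenset(), "admins")
secret = create(alice, others_perm=Perm.NONE)
```

Here `carol` is in the object's group, which has author access, but her basic reader category still limits her to reading, while `bob` cannot see the object at all.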

Basic or Advanced Security?

Advanced security is an obvious choice in a number of cases:

  • A group of users, e.g. management, shall have exclusive access to a number of documents.

  • You are running a "secret" project to which only project members must have access.

  • You will share access to a project with partners and/or the customer, but only with limited permissions and no access to all your other projects.

  • You are running a project web site with many users and many projects, but there shall be "firewalls" between them.

All this can be accomplished in cattaDoc, but only through the use of advanced security.

However, there is a performance penalty in using advanced security. For every action and every event there are more checks and control mechanisms. More joins between tables in the database are necessary when using advanced security.

How large the performance penalty is depends on your amount of data and on your hardware. However, I have been surprised in my own use of cattaDoc: The performance penalty has been less than expected. So try it out yourself.

But in general: Only use advanced security if you need it.