KS Authorization Weixia (Bonnie) Huang Feb 19, 2013.

KIM Basic Concepts
– Namespace -- for us, it’s KS-ENR
– Role
– Permissions with Permission Details
– Add Permissions to Role(s)
– Add User(s)/Principal(s) as the member of a Role
– TODO: list links of reference RICE documentation

Permission Templates
– Open View & Edit View
– View Group & Edit Group
– View Field & Edit Field
– View Widget & Edit Widget
– Perform Action

Basic Permissions
– Open View Permission
– Edit View Permission

Can Access vs. No Permission to Access
User Story: User A can access Manage CO pages while others can’t.
– Identify role: Role A
– Create permission(s): open view (and edit view permission) with permission details: viewId=xxx
– Assign permission(s) to the role
– Add user A as a member of Role A
As CO System Administrator, I need the system to restrict certain users from accessing any Manage Course Offering pages in order to maintain information security and quality.
Reference (truncated link): for+a+standard+form+view+--+KSENROLL-3753
Open View Permission:
– Persons who belong to Role A can access the view
– Persons who do not belong to Role A can’t access the view

ViewOnly/ReadOnly Access vs. Full/Editable Access
User Story: user A is able to successfully perform an action (Create, Modify, Delete) on Manage CO pages while user B can only view the list of COs and AOs but can NOT perform that same action.
– Identify roles: Role A and Role B
– Identify permissions assigned to each role:
  – Role A has open view permission only
  – Role B has open view and edit view permission
– Assign user A to role A and assign user B to role B
Edit View Permission / Open View Permission:
– Persons who belong to neither Role A nor Role B can’t access the view
– Role A has open view permission but no edit view permission, and therefore gets a ReadOnly view
– Role B has open view and edit view permissions, and therefore gets an editable view (full access)

Basic Authorization
Open View Permission:
– Persons who belong to Role A can access the view
– Persons who do not belong to Role A can’t access the view
– Q2: Does a person in Role A get ReadOnly view or editable view?
Edit View Permission / Open View Permission:
– Persons who belong to neither Role A nor Role B can’t access the view
– Role A has open view permission but no edit view permission, and therefore gets a ReadOnly view
– Role B has open view and edit view permissions, and therefore gets an editable view (full access)

Role and Role Qualification
User Story: A user is able to successfully perform an action (Create, Modify, Delete) on a course associated with their assigned administering org. That same user is NOT successful in performing that same action on a course from another administering org different from the one assigned.
Reference (truncated link): n+based+on+Admin+Org+role+qualification+--+KSENROLL-3755
– Identify roles:
  – KS Department Schedule Coordinator - Org role
  – KS Department Schedule Coordinator - Org View Only role
– Identify permissions assigned to each role:
  – KS Department Schedule Coordinator - Org role has Open View and Edit View permission
  – KS Department Schedule Coordinator - Org View Only role has Open View permission
– Assign Carol to both roles

Role and Role Qualification (cont.)
Different Role Types; Role Qualification
– KS Department Schedule Coordinator - Org role
– KS Department Schedule Coordinator - Org View Only role

Permissions Comparison
– KS Department Schedule Coordinator - Org role
– KS Department Schedule Coordinator - Org View Only role

KRAD Layers View, Page, Section, Field…

KRAD Layers and Permission Template Layers
KRAD Layers:
– View
– Page
– Section
– Field
– Action
– Widget
Permission Template Layers:
– Open View & Edit View
– View Group & Edit Group
– View Field & Edit Field
– Perform Action
– View Widget & Edit Widget

Set up Component level permissions
Role A has full access to the whole page except Section 2, where it has view-only access. Role B has full access to the whole page, including Section 2.
– Base setup on view level: Assign Open View and Edit View permissions to Role A and Role B
– Overlay component level permission:
  – Assign View Group permission for Section 2 to Role A.
  – Assign View Group and Edit Group permissions for Section 2 to Role B.

Example: Seat Pool section turns to readOnly while other sections are still editable

Set up Component Level Permissions – Flip the coin
Role A has view-only access to the whole page except that it can modify Section 2. Role B has full access to the whole page, including Section 2, and Role C has view-only access to the whole page.

Set up Component Level Permissions – Flip the coin
Option 1:
– Base setup on view level:
  – Assign Open View permission to Role A and Role C
  – Assign Open View and Edit View permissions to Role B
– Overlay component level permission:
  – Assign View Group and Edit Group permissions for Section 2 to Role A and Role B.
  – Assign View Group permission for Section 2 to Role C

Set up Component Level Permissions – Flip the coin
Option 2:
– Base setup on view level:
  – Assign Open View and Edit View permissions to Role A and Role B
  – Assign Open View permission to Role C
– Overlay component level permission:
  – Assign View Group permissions for Sections 1, 3, 4, 5 to Role A.
  – Assign View Group and Edit Group permissions for Sections 1, 3, 4, 5 to Role B.
  – Assign View Group permissions for Sections 1, 3, 4, 5 to Role C
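
The two "Flip the coin" setups can be checked against each other with a small model. This is an added example, not code from the presentation or from Kuali Rice; the fallback rule (a section with no component-level permission inherits the view-level result), the denial of a role that is missing from an overlay, and all function and variable names are assumptions made for illustration.

```python
# Added model of the rules on these slides; not Kuali Rice code. Names are hypothetical.
OPEN_VIEW, EDIT_VIEW = "Open View", "Edit View"
VIEW_GROUP, EDIT_GROUP = "View Group", "Edit Group"
SECTIONS = [f"Section {n}" for n in range(1, 6)]
OTHERS = [s for s in SECTIONS if s != "Section 2"]

def section_access(setup, role):
    """Map each section to 'hidden', 'readOnly' or 'editable'; None without Open View."""
    view_perms = setup["view"].get(role, set())
    if OPEN_VIEW not in view_perms:
        return None  # the view itself cannot be accessed
    access = {}
    for section in SECTIONS:
        overlay = setup["groups"].get(section)
        if overlay is None:
            # Assumption: no component-level permission is defined for this
            # section, so it inherits the view-level result.
            visible, editable = True, EDIT_VIEW in view_perms
        else:
            # Assumption: once a section has an overlay, only the group
            # permissions count, and a role without View Group is denied.
            perms = overlay.get(role, set())
            visible = VIEW_GROUP in perms
            editable = visible and EDIT_GROUP in perms
        access[section] = "editable" if editable else "readOnly" if visible else "hidden"
    return access

def overlay_for(sections, per_role):
    """Apply the same role-to-permissions assignment to several sections."""
    return {section: per_role for section in sections}

# Option 1: read-only base for Roles A and C, overlay on Section 2 only.
OPTION_1 = {
    "view": {"Role A": {OPEN_VIEW}, "Role B": {OPEN_VIEW, EDIT_VIEW}, "Role C": {OPEN_VIEW}},
    "groups": overlay_for(["Section 2"], {"Role A": {VIEW_GROUP, EDIT_GROUP},
                                          "Role B": {VIEW_GROUP, EDIT_GROUP},
                                          "Role C": {VIEW_GROUP}}),
}
# Option 2: editable base for Roles A and B, overlay on Sections 1, 3, 4, 5.
OPTION_2 = {
    "view": {"Role A": {OPEN_VIEW, EDIT_VIEW}, "Role B": {OPEN_VIEW, EDIT_VIEW}, "Role C": {OPEN_VIEW}},
    "groups": overlay_for(OTHERS, {"Role A": {VIEW_GROUP}, "Role B": {VIEW_GROUP, EDIT_GROUP},
                                   "Role C": {VIEW_GROUP}}),
}

if __name__ == "__main__":
    # "Role D" is a constructed role with no permissions at all.
    for role in ("Role A", "Role B", "Role C", "Role D"):
        print(role, section_access(OPTION_1, role), section_access(OPTION_2, role))
```

Under these assumptions both options give every role the same result, but Option 2 needs four overlays where Option 1 needs one, and a role left out of any overlay loses that section entirely.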

Set up Component Level Permissions -- one more tweak
Option 1:
– Base setup on view level: Assign Open View and Edit View permissions to Role A and Role B
– Overlay component level permission:
  – Assign View Group permissions for Sections 1, 3, 4, 5 to Role A.
  – Assign View Group and Edit Group permissions for Sections 1, 3, 4, 5 to Role B.
Option 2:
– Base setup on view level:
  – Assign Open View permission to Role A
  – Assign Open View and Edit View permissions to Role B
– If Section 2 is always editable for all roles:
  → NO permission checking needed for Section 2
  → set p:readOnly="false" for all elements in Section 2 in the view xml file

Search Criteria Section – Override Permission Checking …. ….

Be Careful to Use parameter }"
– Example: Authz setup is overridden by the feature to display crossListed CO
– TODO:
  – find a good solution to move away from using p:readOnly for business rule/logic in general.
  – Or suggest that the Rice team make some improvement to the current design and implementation of View Only?

How KRAD Interpreted View Only permission
View only permission means that the open view or view xxx authorization check returns true but the edit view or edit xxx authorization check returns false.
For View only permission, by default KRAD
– sets p:readOnly="true" for all input fields.
– In collection table: automatically hides the Actions column (set p:render="false"??). According to Jerry, the checkbox column, if any, should be hidden by default, but right now it is not – need to report a bug to the Rice team
– makes no change to buttons and action links

Default Rendering by KRAD for View Only permission

Desired Rendering for View Only permission

Realize KRAD Limitation
Diagram labels: Require permissions setup; KRAD Limitation; Section 1, Section 2, Section 3, Section 4, Section 5; Action Links; Buttons

Deal with KRAD Limitation
See +links+and+input+fields+when+a+user+only+has+view-only+permission+but+not+edit+permission+on+the+view+level for details
Option 1:
– Open View permission for Role A
– Open and Edit View permission for Role B
– Perform Action permissions for buttons and action links for Role B
Option 2 (recommended approach):
– Annotate view xml based on permission checking result.

More…
– Permission Type Service Extension
– Permission Template Extension
– Support Expression Evaluation
– Authorizer extension
– Role Type Service Extension → OrganizationHierarchyRoleTypeService
– QualifierResolver Extension → OrganizationQualifierResolver

More…
Maintenance View/Document permission setup
– If no component level (Group, Field, Action) permission needs to be set up, creating open document and edit document permissions and assigning them to the proper role would work.
– Otherwise, both document based permissions and view based permissions have to be set up for a maintenance eDoc. See:
  – How to set up the document based authorization for a maintenance eDoc
  – How to set up the view based authorization for a maintenance eDoc