Information

Created in: 2006-01-07 12:49:43

Author: martin

Size: 12808 bytes

Last updated: 2006-01-07 12:49:43

Categories

Documents & Articles

You may be interested in...

There isn't related documents

Tutorial: Security management

jLibrary includes a flexible security system based on users, groups, roles and restrictions, that will allow you to easily manage your application access policies and grants.

For this task, jLibrary includes a specific perspective. This is the security perspective. If this perspective isn't available in your opened jLibrary instance, you should press the Other perspective button:

After that, it should appear a dialog in which you can select the different available jLibrary perspectives. One of them is the security perspective. Select it and press OK.

Once you have done the previous step, jLibrary should show the perspective security.

The security perpective is composed by some different views with regard to the traditional repository perspective:

• The groups view. This view shows the different groups within the selected jLibrary repository server.
  
• The users view. This view shows the different users within the selected jLibrary repository server.
  
• The roles view. This view shows the different roles within the selected repository server..
  
• The restrictions view. It shows the users or groups that can access to the repository.

In jLibrary, a repository has several users defined. This users can have different permissions on the different jLibrary server repositories. Moreover, one server has several groups defined, in which you will can add users. Both users and groups will have several roles assigned. Roles, groups and users are defined at repository level. So if you create an user on repository A, that user won't exist on repository B. The only exception to this is the special user admin that is present in all repositories.

WARNING : To perform the next steps of this tutorial, you must have an user with server administrator rights. In case that you don't have such permissions, you should contact with your jLibrary server administrator. Some of the following operations won't work correctly. There are some operations that can be performed by users with server administrator permission, but most of the operations wouldn't work.

User management

One jLibrary server will have several users. These users may belong to groups and have assigned different roles. By default, jLibrary comes with an Administrator user, that has superuser rights. This user does not belong to any group or rol and cannot be modified.

The Users view allows you to create and delete users using the view toolbar buttons. To create an user, you can press the left toolbar button.

Once you have done it, you'll find the user creation dialog that you had seen on the first tutorial: Creating a repository. If you didn't create the test user martin on that tutorial, then you can create him now. Enter some test data and press the Accept button to create that user.

The recently created user martin will appear on the users view. Now you can double click him on the users view and a new user editor will appear on the editor area showing the user properties:

Obviously, you can modify the values on this editor simply entering data on the text fields. One of the new features in this version is that you can drag and drop groups and roles directly over the roles and group dialogs. For example, you can drag the editor and reader rol over the roles view, and the editors and readers groups over the groups view.

Finally, press the save button and the user's data will be updated. Easy, isn't it?

To end with the user management options, you can press the Delete button if you wish to delete the selected user.

Groups management

One jLibrary server can have several groups. These groups will contain users, and will have several roles assigned. By default, jLibrary comes with three predefined groups: Readers, Editors and Administrators. Each of these groups have assigned a single rol: Reader, Editor and Administrator. Therefore, an user within the Readers group will can only read documents, an user that belongs to the Editors group will can read and edit documents, and an user belonging to the Administrators group will be a repository admin.

You can create new groups using the left most toolbar button in the Groups view. Again, you have to ensure of having selected some repository.

It will appear a very simple dialog that would allow you to enter the group's name and description. Enter some test data and press Accept button to create the group.

After this, you can double click this group and it will appear a new editor showing editor's properties. You can change this properties directly from the text fields.

The users and roles lists allows you to drag and drop directly users and roles over this group. You simply have to drag and drop them over these lists. If you want to remove users or roles, simply click it on the lists and it will be removed automaticall. After doing all changes, you must click the save button to update group status.

 

To delete a group you only have to use the Delete button from the groups view.

Roles management

Every jLibrary repository has several roles assigned. Each rol will contain users and groups. By default, jLibrary includes three roles that can't be modified or deleted:

• Reader : In this rol are included all the users and groups that should only read documents in a repository. It corresponds with a read-only access.
  
• Editor : In this rol are included all the users and groups that as well as reading documents can also update them or modify the repository. Examples of these modify actions can be creating a directory, updating document properties, updating documents contents, etc. It corresponds with a read-write access.
  
• Administrator : These users are those that as well as performing the previous tasks can also perform administrative tasks. This tasks are for example adding restrictions to repository nodes, creating roles within a repository, creating categories, etc.
  

jLibrary gives the possibility of creating new roles. To do that, press the New rol button at the roles view.

It will appear a roles dialog in which you can enter the data of the new rol.

Once you have pressed the Accept button, you'll see the new rol at the roles view.

You can double click the rol and a new editor will be opened showing the rol properties. You can edit those properties directly from the editor text fields:

As with the previous editors, you can add users and groups to a rol simply drag and drop them over the users list and the roles list. You can also remove users and groups from a rol simply clicking them on the lists.

Remember that you only have to press the Save button to store all the changes done to a rol.

Tip: Having new roles isn't specially an exciting task if you are not planning to develop applications agains a jLibrary repository. jLibrary uses only default roles: groups, editors and administrators. If you create a new role, that role will exist, but there will be no jLibrary features using that role. This is useful when you're planning to develop an application and so you can build custom roles and customize them, and later create source code that uses that roles. So most of the times, you will be working with default roles.

Finally, if you wish to delete the rol, select it and press the Delete rol button from roles view.

 

Restriction management

The restrictions, at its name appoints, restrict repository node access. If you select a node, you'll see the restricted users and groups in the restrictions view for that node. Remember that only the users and groups on the restrictions view will be able to access that node. This is very important as if you leave some node without any users or groups, then nobody will be able to access it. By default, each time that a node is created, its creator is added to the restricted list.

If you wish to restrict the access to an user or group, the only thing you must do is dragging the user or group over the restrictions view. Here I have added the user martin to the restricted list:

The restrictions are applied transparently with independency of their roles or permissions. This is very important to maintain information privacity. Restricted data isn't transported from the server to the client, so if a client can't access to some nodes, that nodes won't be on their repository tree, and that nodes won't travel through the wire. For the user, this is absolutely transparent.

Congratulations ! Now you have enough knowledge to secure your repository.:-)