Active Directory Group Management
 

Field-Level Security

Sep 2, 2008
Field-level security is a very common wish list item, but one that's extremely difficult to build. And when field-level security is possible within a product, it generally involves a lot of configuration and maintenance.

This powerful feature is native to Imanami WebDir--and is so simple to configure that it's often taken for granted.

In the WebDir System Manager, select the Design node under your virtual server and click the Properties tab. The Directory Object drop-down list gives you access to all the AD objects you may control through WebDir, including User, Group, and Contact. The tab names in the list below correspond to the tabs configured in the WebDir user interface. Select 'General' and click the 'Edit' button. Note the Access Level and Visibility Level in the pop-up window. These are your basic tools for controlling who may view data and who may edit data.

The principle behind the WebDir authority ranking system is simple: each user receives a number indicating his level of authority, and each field or tab receives a number indicating the authority level required to access it. Lower numbers carry more authority. When WebDir loads a page, it compares these two numbers and renders all fields or tabs where the field's number is equal to or higher than the user's. So a user with a ranking of 299 will be able to see fields with a visibility level of 999, but will not see fields with a visibility level of 199.

For most of a user's basic information, the default Visibility Level will be 9999; default Access Levels typically are 299 or lower, so only users looking at their own records, help desk users, or administrators may edit the data.

The numbering system may seem a bit arcane, but it allows even greater flexibility than discussed thus far. There are seven access roles that are delivered with the Imanami WebDir application; if more are required, it is possible to create new roles and administer them through the existing application. For example, if your organization requires an additional layer between the Help Desk (99) and Owner roles (199), you could create a new role with a level of 149 and manage it using the methods we've covered.
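The comparison described above, including the custom 149 role, can be modeled in a few lines. This is an added example, not WebDir code: the field names and their levels are constructed, and it assumes the Access Level uses the same equal-or-higher comparison as the Visibility Level.

```python
from dataclasses import dataclass

# Constructed model of the ranking rule in the post; not WebDir code.
# Lower number = more authority. 99 (Help Desk), 199 (Owner), 149 (custom
# role) and 299 are the numbers the post uses.
HELP_DESK, CUSTOM_ROLE, OWNER, RANK_299 = 99, 149, 199, 299

@dataclass(frozen=True)
class Field:
    name: str        # constructed sample field name
    visibility: int  # Visibility Level: rank required to view
    access: int      # Access Level: rank required to edit

def permits(required_level: int, user_level: int) -> bool:
    """Rule from the post: allowed when the field's number >= the user's."""
    return required_level >= user_level

def decide(field: Field, user_level: int) -> str:
    """Return 'hidden', 'read-only' or 'editable' for one field."""
    if not permits(field.visibility, user_level):
        return "hidden"
    # Assumption: Access Level is compared the same way as Visibility Level.
    return "editable" if permits(field.access, user_level) else "read-only"

def render(fields, user_level):
    """Map each field name to the decision for a user of the given rank."""
    return {f.name: decide(f, user_level) for f in fields}

def misconfigured(fields):
    """Flag fields whose edit threshold is looser than their view threshold:
    some ranks would qualify to edit a field they cannot see."""
    return [f.name for f in fields if f.access > f.visibility]

# Constructed sample layout for review.
FIELDS = [
    Field("displayName", 9999, 299),     # the defaults the post mentions
    Field("manager", 999, 149),          # editable from the custom role up
    Field("employeeID", 199, 99),        # Owner can view, Help Desk can edit
    Field("telephoneNumber", 199, 299),  # deliberately inconsistent
]

if __name__ == "__main__":
    for level in (HELP_DESK, CUSTOM_ROLE, OWNER, RANK_299, 9999):
        print(level, render(FIELDS, level))
    print("review:", misconfigured(FIELDS))
```

Running a proposed layout through `misconfigured` before applying it catches levels entered in the wrong box, which is the easiest mistake to make with two similar numbers per field.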

Any time you empower users to edit potentially sensitive data, it is imperative that proper controls be put in place by the system administrator. Imanami WebDir provides field-level security to ensure that you never find yourself with too blunt an instrument!


© Copyright 2001-2011 Imanami Corporation. All rights reserved