record level security from strategy to implementation at museum victoria donna fothergill and...
TRANSCRIPT
![Page 1: Record Level Security From Strategy to Implementation at Museum Victoria Donna Fothergill and Lee-Anne Raymond](https://reader035.vdocuments.us/reader035/viewer/2022062619/5516c76f550346f6208b5afb/html5/thumbnails/1.jpg)
Record Level Security
From Strategy to Implementation
at Museum Victoria
Donna Fothergill and Lee-Anne Raymond
![Page 2: Record Level Security From Strategy to Implementation at Museum Victoria Donna Fothergill and Lee-Anne Raymond](https://reader035.vdocuments.us/reader035/viewer/2022062619/5516c76f550346f6208b5afb/html5/thumbnails/2.jpg)
MV Strategy
Consider the security design currently in place.
What does RLS do that is different?What do the users want?Uses for RLS at MV?Is RLS for ‘Everybody’/ Every situation
after-all?
![Page 3: Record Level Security From Strategy to Implementation at Museum Victoria Donna Fothergill and Lee-Anne Raymond](https://reader035.vdocuments.us/reader035/viewer/2022062619/5516c76f550346f6208b5afb/html5/thumbnails/3.jpg)
MV Security A range of security measures are used at Museum Victoria
User permissions
Data Partitions- Column access/default registry settings - Roles field in Parties - Repository field in MMR
Tab switching
Record Level Security
![Page 4: Record Level Security From Strategy to Implementation at Museum Victoria Donna Fothergill and Lee-Anne Raymond](https://reader035.vdocuments.us/reader035/viewer/2022062619/5516c76f550346f6208b5afb/html5/thumbnails/4.jpg)
Data PartitionsColumn Access – Default Settings
Department
Discipline
User
![Page 5: Record Level Security From Strategy to Implementation at Museum Victoria Donna Fothergill and Lee-Anne Raymond](https://reader035.vdocuments.us/reader035/viewer/2022062619/5516c76f550346f6208b5afb/html5/thumbnails/5.jpg)
Data Partitions
Parties Module Partitioned
&
Shared
By Roles
![Page 6: Record Level Security From Strategy to Implementation at Museum Victoria Donna Fothergill and Lee-Anne Raymond](https://reader035.vdocuments.us/reader035/viewer/2022062619/5516c76f550346f6208b5afb/html5/thumbnails/6.jpg)
Data Partitions
MMRPartitioned
By Repository and Registry security setting. Access is restricted to users
and/or groups.
![Page 7: Record Level Security From Strategy to Implementation at Museum Victoria Donna Fothergill and Lee-Anne Raymond](https://reader035.vdocuments.us/reader035/viewer/2022062619/5516c76f550346f6208b5afb/html5/thumbnails/7.jpg)
Tab SwitchingReduce Access to sensitive information
without RLS.This setting maintains a “closed”
access to the record by reducing the tabs in display to one only
“hiding” the rest using “Tab Switch”.
Query tabs are still available. Only groups with permission will see the full record.
All can still see this type of record exists.
Only those with permission may see the full contents of records.
![Page 8: Record Level Security From Strategy to Implementation at Museum Victoria Donna Fothergill and Lee-Anne Raymond](https://reader035.vdocuments.us/reader035/viewer/2022062619/5516c76f550346f6208b5afb/html5/thumbnails/8.jpg)
MV Strategy
Consider the security design currently in place.
What does RLS do that is different?What do the users want?Uses for RLS at MV?Is RLS for ‘Everybody’/ Every situation
after-all?
![Page 9: Record Level Security From Strategy to Implementation at Museum Victoria Donna Fothergill and Lee-Anne Raymond](https://reader035.vdocuments.us/reader035/viewer/2022062619/5516c76f550346f6208b5afb/html5/thumbnails/9.jpg)
What does RLS do that is different?
rls can build on your existing user/group permissions by:
providing the ability to restrict a group of records within a department/discipline
allowing users to “share” ownership of records
providing users with access to collections of records they would not normally have access to
![Page 10: Record Level Security From Strategy to Implementation at Museum Victoria Donna Fothergill and Lee-Anne Raymond](https://reader035.vdocuments.us/reader035/viewer/2022062619/5516c76f550346f6208b5afb/html5/thumbnails/10.jpg)
MV Strategy
Consider the security design currently in place.
What does Record Level Security do that is different?
What do the users want?Uses for RLS at MV?Is RLS for ‘Everybody’/ Every situation
after-all?
![Page 11: Record Level Security From Strategy to Implementation at Museum Victoria Donna Fothergill and Lee-Anne Raymond](https://reader035.vdocuments.us/reader035/viewer/2022062619/5516c76f550346f6208b5afb/html5/thumbnails/11.jpg)
What do the users want?
Ability to partition data according to discipline or department
Ability to share but control the content within their own records
Ability to see and share another departments records
![Page 12: Record Level Security From Strategy to Implementation at Museum Victoria Donna Fothergill and Lee-Anne Raymond](https://reader035.vdocuments.us/reader035/viewer/2022062619/5516c76f550346f6208b5afb/html5/thumbnails/12.jpg)
MV Strategy
Consider the security design currently in place.
What does RLS do that is different?What do the users want?Uses for RLS at MV?Is RLS for ‘Everybody’/ Every situation
after-all?
![Page 13: Record Level Security From Strategy to Implementation at Museum Victoria Donna Fothergill and Lee-Anne Raymond](https://reader035.vdocuments.us/reader035/viewer/2022062619/5516c76f550346f6208b5afb/html5/thumbnails/13.jpg)
Uses for RLS at MV?Taxonomy
Transactions
Exhibition Objects
Restricted and Secured Groups of Recordse.g. Culturally Restricted artifacts
Integrating systems to share assetse.g. Digital Asset Management System
‘Relax’ a restriction
![Page 14: Record Level Security From Strategy to Implementation at Museum Victoria Donna Fothergill and Lee-Anne Raymond](https://reader035.vdocuments.us/reader035/viewer/2022062619/5516c76f550346f6208b5afb/html5/thumbnails/14.jpg)
Uses for rls at MVTaxonomy module – open and with
permission to do anything at all until…
RLS
Taxonomy is still open but
security refined. Editing
and Deletion locked where
needed
![Page 15: Record Level Security From Strategy to Implementation at Museum Victoria Donna Fothergill and Lee-Anne Raymond](https://reader035.vdocuments.us/reader035/viewer/2022062619/5516c76f550346f6208b5afb/html5/thumbnails/15.jpg)
Uses for RLS at MV?Taxonomy
Transactions
Exhibition Objects
Restricted and Secured Groups of Recordse.g. Culturally Restricted artifacts
Integrating systems to share assetse.g. Digital Asset Management System
‘Relax’ a restriction
![Page 16: Record Level Security From Strategy to Implementation at Museum Victoria Donna Fothergill and Lee-Anne Raymond](https://reader035.vdocuments.us/reader035/viewer/2022062619/5516c76f550346f6208b5afb/html5/thumbnails/16.jpg)
Uses for rls at MV
Transactions Module
RLS
To share & control from the outset.
![Page 17: Record Level Security From Strategy to Implementation at Museum Victoria Donna Fothergill and Lee-Anne Raymond](https://reader035.vdocuments.us/reader035/viewer/2022062619/5516c76f550346f6208b5afb/html5/thumbnails/17.jpg)
Uses for RLS at MV?Taxonomy
Transactions
Exhibition Objects
Restricted and Secured Groups of Recordse.g. Culturally Restricted artifacts
Integrating systems to share assetse.g. Digital Asset Management System
‘Relax’ a restriction
![Page 18: Record Level Security From Strategy to Implementation at Museum Victoria Donna Fothergill and Lee-Anne Raymond](https://reader035.vdocuments.us/reader035/viewer/2022062619/5516c76f550346f6208b5afb/html5/thumbnails/18.jpg)
Uses for rls at MV
Exhibition Objects ModuleTriage Access Permissions
![Page 19: Record Level Security From Strategy to Implementation at Museum Victoria Donna Fothergill and Lee-Anne Raymond](https://reader035.vdocuments.us/reader035/viewer/2022062619/5516c76f550346f6208b5afb/html5/thumbnails/19.jpg)
Uses for RLS at MV?Taxonomy
Transactions
Exhibition Objects
Restricted and Secured Groups of Recordse.g. Culturally Restricted artifacts
Integrating systems to share assetse.g. Digital Asset Management System
‘Relax’ a restriction
![Page 20: Record Level Security From Strategy to Implementation at Museum Victoria Donna Fothergill and Lee-Anne Raymond](https://reader035.vdocuments.us/reader035/viewer/2022062619/5516c76f550346f6208b5afb/html5/thumbnails/20.jpg)
Uses for rls at MV
Culturally restricted – records hidden to all but a few
Tab Switch Controlled
&
Shared
or
Hidden
![Page 21: Record Level Security From Strategy to Implementation at Museum Victoria Donna Fothergill and Lee-Anne Raymond](https://reader035.vdocuments.us/reader035/viewer/2022062619/5516c76f550346f6208b5afb/html5/thumbnails/21.jpg)
Uses for RLS at MV?Taxonomy
Transactions
Exhibition Objects
Restricted and Secured Groups of Recordse.g. Culturally Restricted artifacts
Integrating systems to share assetse.g. Digital Asset Management System
‘Relax’ a restriction
![Page 22: Record Level Security From Strategy to Implementation at Museum Victoria Donna Fothergill and Lee-Anne Raymond](https://reader035.vdocuments.us/reader035/viewer/2022062619/5516c76f550346f6208b5afb/html5/thumbnails/22.jpg)
Uses for rls at MVDigital Asset Management System (DAMS)
![Page 23: Record Level Security From Strategy to Implementation at Museum Victoria Donna Fothergill and Lee-Anne Raymond](https://reader035.vdocuments.us/reader035/viewer/2022062619/5516c76f550346f6208b5afb/html5/thumbnails/23.jpg)
Uses for RLS at MV? Taxonomy
Transactions
Exhibition Objects
Restricted and Secured Groups of Recordse.g. Culturally Restricted artifacts
Integrating systems to share assetse.g. Digital Asset Management System
‘Relax’ a restrictione.g. DNA Laboratory Data
![Page 24: Record Level Security From Strategy to Implementation at Museum Victoria Donna Fothergill and Lee-Anne Raymond](https://reader035.vdocuments.us/reader035/viewer/2022062619/5516c76f550346f6208b5afb/html5/thumbnails/24.jpg)
Challenges
Implementing significant change within a functioning environment
Grouping data into Departments/Disciplines in preparation of setting rls on existing records
Loosening security in order to tighten security
Ensuring that rls is set correctly when a new record is inserted
Hiding records - is this the best option?
![Page 25: Record Level Security From Strategy to Implementation at Museum Victoria Donna Fothergill and Lee-Anne Raymond](https://reader035.vdocuments.us/reader035/viewer/2022062619/5516c76f550346f6208b5afb/html5/thumbnails/25.jpg)
Benefits
Users evolving into more sophisticated ‘sharers’
Cultural shift to more open attitudes towards data access
Significant user satisfaction with a more flexible and secure data model
Security significantly improved or made more robust
Ability to utilise RLS to assist with integration projects such as the MV DAMS
Promoting the sharing of data between disciplines
![Page 26: Record Level Security From Strategy to Implementation at Museum Victoria Donna Fothergill and Lee-Anne Raymond](https://reader035.vdocuments.us/reader035/viewer/2022062619/5516c76f550346f6208b5afb/html5/thumbnails/26.jpg)
MV Strategy
Consider the security design currently in place.
What does RLS do that is different?What do the users want?Where is RLS needed?Is RLS for ‘Everybody’/ Every situation
after-all?
![Page 27: Record Level Security From Strategy to Implementation at Museum Victoria Donna Fothergill and Lee-Anne Raymond](https://reader035.vdocuments.us/reader035/viewer/2022062619/5516c76f550346f6208b5afb/html5/thumbnails/27.jpg)
Is RLS for Everybody/Every Situation After All?
RLS is not for every situation. Each unique EMu site will have it’s own
challenges.RLS is useful and can help but not solve
all your access and restriction issues. A solid structure to begin with will support
your implementation of RLS