Security

In order to log into netFORUM, a user must pass through two levels of authentication. When a user types in the url for a netFORUM site, a network login window will open. Forms based authentication is also available by making a slight modification to the iWeb config. file. This is the first level of authentication – the network that your netFORUM server is a part of. If the user enters in a valid network login and password, they are then passed through to netFORUM. At this point, netFORUM checks to see if the user has rights to (is a user in) the netFORUM database. If a matching user id exists, netFORUM will open.

As a hosted client, new users must be created for you by Abila. If you are a premise-based client, you may create new users entirely on your own.

Once the user has been authenticated by the network and netFORUM, the system checks to see what security group(s) the user is a member of, and then defines that user's permissions or Privileges accordingly. These security groups are created and maintained in netFORUM; this article is designed to give you some pointers on how to do just that.

Security Setup

See Security Setup.

Security Orientation

This table summarizes the security orientation of the various netFORUM security matrices. A common question is to ask, "Is netFORUM security positive or negative?" The answer is, "it depends." This table below summarizes. See the sections below for more detail.

Area Access by Default Grant Deny
Group Table Privilege and Group Column Privilege No If user is in at least one group with Grant, then user has access. If user is in at least one group with Deny, then user is denied access, regardless of whether user is granted access by virtue of being in another group.
Group Link Security No If user is in at least one group with access, then user has access. There is no "deny"; deny is really the absence of any grants.
Child Form Security Yes By default, anyone can view a child form. Denied only if every one of user's groups has been Denied
Query Security Yes By default, anyone can run any query if they can access the link to the Query Denied only if every one of user's groups has been Denied
Super Search Security Yes By default, all super search columns available to all Denied only if every one of user's groups has been Denied

Group Table/Column Security

Group Table Privilege enables you to configure the select/insert/update/delete permissions for a particular Group on a particular database Table.

Group Column Privilege extends this model down to each Column of the Table to further restrict the Select/Update permissions on a particular column. For example, you might allow a particular group "select" permissions on the Individual table, but you might not want to allow "select" permissions on the SSN column in that table.

Link Security

Security based on navigation. The Set Group Security tool enables you to permit Groups to access Group Item Links. Report Security is managed this way. See Group Link Security for more information.

LinkKey Security

See Group Link Security Icons for how to use Link Security to enable or disable hyperlinks on a profile Form.

Visibility SQL

Visibility SQL is a concept used, several multiple places in netFORUM, in particular on CMS sections and pages. See Visibility SQL for more information

Child Form Security

Child Form Security enables you to hide or restrict a Child Form from a particular Group. You may make the child form invisible altogether, or remove the ability to add, edit, delete or goto on a child form. See Child Form Security for more information.

Query Security

A Query can be denied to Groups. See Query Security for more information.

Batch Group Access

See main article for information on how Batches are linked to security Groups.

xWeb Authentication Security

See main pages for security implications in xWeb. xWeb User Administration is most relevant for system administrators. See xWeb:Authenticate and xWeb User and xWeb User Administration for more information.

SecurityPosture System Option

Unless you have changed the default value from permissive to restrictive, then you probably do not need to concern yourself with this system option. See SecurityPosture for more information.

Admin Overview Page

The Overview page in the Admin module provides links to various security features.

Left Center Right
Set Group Security Populate Group Privileges Populate User Privileges
Copy Group Security Copy Group Privileges