Security
In order to log into netFORUM, a user must pass through two levels of authentication. When a user types in the url for a netFORUM site, a network login window will open. Forms based authentication is also available by making a slight modification to the iWeb config. file. This is the first level of authentication – the network that your netFORUM server is a part of. If the user enters in a valid network login and password, they are then passed through to netFORUM. At this point, netFORUM checks to see if the user has rights to (is a user in) the netFORUM database. If a matching user id exists, netFORUM will open.
As a hosted client, new users must be created for you by Abila. If you are a premise-based client, you may create new users entirely on your own.
Once the user has been authenticated by the network and netFORUM, the system checks to see what security group(s) the user is a member of, and then defines that user's permissions or Privileges accordingly. These security groups are created and maintained in netFORUM; this article is designed to give you some pointers on how to do just that.
Security Setup
See Security Setup.
Security Orientation
This table summarizes the security orientation of the various netFORUM security matrices. A common question is to ask, "Is netFORUM security positive or negative?" The answer is, "it depends." This table below summarizes. See the sections below for more detail.
| Area | Access by Default | Grant | Deny |
|---|---|---|---|
| Group Table Privilege and Group Column Privilege | No | If user is in at least one group with Grant, then user has access. | If user is in at least one group with Deny, then user is denied access, regardless of whether user is granted access by virtue of being in another group. |
| Group Link Security | No | If user is in at least one group with access, then user has access. | There is no "deny"; deny is really the absence of any grants. |
| Child Form Security | Yes | By default, anyone can view a child form. | Denied only if every one of user's groups has been Denied |
| Query Security | Yes | By default, anyone can run any query if they can access the link to the Query | Denied only if every one of user's groups has been Denied |
| Super Search Security | Yes | By default, all super search columns available to all | Denied only if every one of user's groups has been Denied |
Group Table/Column Security
Group Table Privilege enables you to configure the select/insert/update/delete permissions for a particular Group on a particular database Table.
Group Column Privilege extends this model down to each Column of the Table to further restrict the Select/Update permissions on a particular column. For example, you might allow a particular group "select" permissions on the Individual table, but you might not want to allow "select" permissions on the SSN column in that table.
Link Security
Security based on navigation. The Set Group Security tool enables you to permit Groups to access Group Item Links. Report Security is managed this way. See Group Link Security for more information.
LinkKey Security
See Group Link Security Icons for how to use Link Security to enable or disable hyperlinks on a profile Form.
Visibility SQL
Visibility SQL is a concept used, several multiple places in netFORUM, in particular on CMS sections and pages. See Visibility SQL for more information
Child Form Security
Child Form Security enables you to hide or restrict a Child Form from a particular Group. You may make the child form invisible altogether, or remove the ability to add, edit, delete or goto on a child form. See Child Form Security for more information.
Query Security
A Query can be denied to Groups. See Query Security for more information.
Batch Group Access
See main article for information on how Batches are linked to security Groups.
xWeb Authentication Security
See main pages for security implications in xWeb. xWeb User Administration is most relevant for system administrators. See xWeb:Authenticate and xWeb User and xWeb User Administration for more information.
SecurityPosture System Option
Unless you have changed the default value from permissive to restrictive, then you probably do not need to concern yourself with this system option. See SecurityPosture for more information.
Admin Overview Page
The Overview page in the Admin module provides links to various security features.
| Left | Center | Right |
|---|---|---|
| Set Group Security | Populate Group Privileges | Populate User Privileges |
| Copy Group Security | Copy Group Privileges |