Record Level Security From Strategy to Implementation at Museum Victoria Donna Fothergill and Lee-Anne Raymond.

Record Level Security

From Strategy to Implementation

at Museum Victoria

Donna Fothergill and Lee-Anne Raymond

MV Strategy

Consider the security design currently in place.

What does RLS do that is different?What do the users want?Uses for RLS at MV?Is RLS for ‘Everybody’/ Every situation

after-all?

MV Security A range of security measures are used at Museum Victoria

User permissions

Data Partitions- Column access/default registry settings - Roles field in Parties - Repository field in MMR

Tab switching

Record Level Security

Data PartitionsColumn Access – Default Settings

Department

Discipline

User

Data Partitions

Parties Module Partitioned

&

Shared

By Roles

Data Partitions

MMRPartitioned

By Repository and Registry security setting. Access is restricted to users

and/or groups.

Tab SwitchingReduce Access to sensitive information

without RLS.This setting maintains a “closed”

access to the record by reducing the tabs in display to one only

“hiding” the rest using “Tab Switch”.

Query tabs are still available. Only groups with permission will see the full record.

All can still see this type of record exists.

Only those with permission may see the full contents of records.

MV Strategy

Consider the security design currently in place.

What does RLS do that is different?What do the users want?Uses for RLS at MV?Is RLS for ‘Everybody’/ Every situation

after-all?

What does RLS do that is different?

rls can build on your existing user/group permissions by:

providing the ability to restrict a group of records within a department/discipline

allowing users to “share” ownership of records

providing users with access to collections of records they would not normally have access to

MV Strategy

Consider the security design currently in place.

What does Record Level Security do that is different?

What do the users want?Uses for RLS at MV?Is RLS for ‘Everybody’/ Every situation

after-all?

What do the users want?

Ability to partition data according to discipline or department

Ability to share but control the content within their own records

Ability to see and share another departments records

MV Strategy

Consider the security design currently in place.

What does RLS do that is different?What do the users want?Uses for RLS at MV?Is RLS for ‘Everybody’/ Every situation

after-all?

Uses for RLS at MV?Taxonomy

Transactions

Exhibition Objects

Restricted and Secured Groups of Recordse.g. Culturally Restricted artifacts

Integrating systems to share assetse.g. Digital Asset Management System

‘Relax’ a restriction

Uses for rls at MVTaxonomy module – open and with

permission to do anything at all until…

RLS

Taxonomy is still open but

security refined. Editing

and Deletion locked where

needed

Uses for RLS at MV?Taxonomy

Transactions

Exhibition Objects

Restricted and Secured Groups of Recordse.g. Culturally Restricted artifacts

Integrating systems to share assetse.g. Digital Asset Management System

‘Relax’ a restriction

Uses for rls at MV

Transactions Module

RLS

To share & control from the outset.

Uses for RLS at MV?Taxonomy

Transactions

Exhibition Objects

Restricted and Secured Groups of Recordse.g. Culturally Restricted artifacts

Integrating systems to share assetse.g. Digital Asset Management System

‘Relax’ a restriction

Uses for rls at MV

Exhibition Objects ModuleTriage Access Permissions

Uses for RLS at MV?Taxonomy

Transactions

Exhibition Objects

Restricted and Secured Groups of Recordse.g. Culturally Restricted artifacts

Integrating systems to share assetse.g. Digital Asset Management System

‘Relax’ a restriction

Uses for rls at MV

Culturally restricted – records hidden to all but a few

Tab Switch Controlled

&

Shared

or

Hidden

Uses for RLS at MV?Taxonomy

Transactions

Exhibition Objects

Restricted and Secured Groups of Recordse.g. Culturally Restricted artifacts

Integrating systems to share assetse.g. Digital Asset Management System

‘Relax’ a restriction

Uses for rls at MVDigital Asset Management System (DAMS)

Uses for RLS at MV? Taxonomy

Transactions

Exhibition Objects

Restricted and Secured Groups of Recordse.g. Culturally Restricted artifacts

Integrating systems to share assetse.g. Digital Asset Management System

‘Relax’ a restrictione.g. DNA Laboratory Data

Challenges

Implementing significant change within a functioning environment

Grouping data into Departments/Disciplines in preparation of setting rls on existing records

Loosening security in order to tighten security

Ensuring that rls is set correctly when a new record is inserted

Hiding records - is this the best option?

Benefits

Users evolving into more sophisticated ‘sharers’

Cultural shift to more open attitudes towards data access

Significant user satisfaction with a more flexible and secure data model

Security significantly improved or made more robust

Ability to utilise RLS to assist with integration projects such as the MV DAMS

Promoting the sharing of data between disciplines

MV Strategy

Consider the security design currently in place.

What does RLS do that is different?What do the users want?Where is RLS needed?Is RLS for ‘Everybody’/ Every situation

after-all?

Is RLS for Everybody/Every Situation After All?

RLS is not for every situation. Each unique EMu site will have it’s own

challenges.RLS is useful and can help but not solve

all your access and restriction issues. A solid structure to begin with will support

your implementation of RLS