LogoLogo
  • LIBSAFE Advanced Pro - System Administrator Manual
  • Introduction
    • Basic concepts
    • General considerations
  • System configuration
    • Storage
      • Storage groups
      • Disks
        • Different storage system types and their integration in LIBSAFE
      • Datamover
    • Digital signature profiles
      • Certificates for the digital signature service
    • Access
      • Users
        • Two-Factor Authentication (2FA)
      • Groups
      • User permissions
    • Alarms and Notifications
      • Alarm definition
      • Configured alarms
        • Configuring an alarm: example 1
        • Configuring an alarm: example 2
      • Notifications panel
    • Extras and tools
      • Programmed tasks
      • Logs manager
      • File management
      • Database management
      • Database management (read-only mode)
      • Web interface configuration variables
      • Configuration variables
      • API system services
      • Server cluster - Parallelization
        • Details of activity in one node
        • Editing or creating a node and its associated services
        • Node deactivation
        • Deleting nodes
        • Processing Cluster customization
      • SAML integration as a SSO (Single Sign On) when login in LIBSAFE
    • License
  • Preservation configuration
    • Ingestion sanitizers
      • Ingestion sanitizers detail
      • Ingestion sanitizer editing
    • Preprocessors
      • Preprocessor details
      • Creation of the preprocessor
      • Preprocessor editing
    • Ingestion checks
      • Ingestion check details
      • Creation of the ingestion check
      • Ingestion check editing
      • Main ingestion checks
    • Metadata filters
      • Metadata filter detail
      • Creation of metadata filter
      • Metadata filter editing
    • Dissemination Information Package (DIP) profiles
      • DIP profile detail
      • Creation of DIP profiles
      • DIP profile edition
    • Connectors
      • Connector Detail
      • Create a new connector
      • Edit a connector
    • File formats
      • File format detail
    • File format characterizers
      • File format characterizer detail
    • File format validators
      • File format validator detail
    • File format evolvers
      • File format evolver detail
  • Frequently Asked Questions (FAQ) and additional notes
Powered by GitBook
On this page

Was this helpful?

  1. System configuration
  2. Access

Groups

PreviousTwo-Factor Authentication (2FA)NextUser permissions

Last updated 3 years ago

Was this helpful?

User groups are used to assign user permissions in LIBSAFE to the registered users, to classify these according to their roles and also to define the access they have to the preservation repository.

User groups should be defined considering the following aspects:

  1. Whether the user is a system administrator, a preservation administrator (manager), a producer or a consumer. Other roles may be applied, but it has to be taken into account that the defined permissions are designed based on the listed roles.

  2. The defined preservation areas, for those users where this is relevant.

Assigning permissions through groups (profiles) is common in the computer community, to limit the risks of an improper access to data, as well as to protect the confidentiality, integrity, and survival of the involved systems.

In small size installations, it may be reasonable to ignore preservation areas when assigning permissions, and thus making a grouping structure. In big size installations, it may be reasonable to limit ingestion areas through associated groups, at least to producers. In installations that imply confidentiality or rights management and limitations, it may be reasonable to limit retrieve areas, through associated groups, to the designated community.

User groups may be activated and deactivated, without any implication as per their relation to specific users.

New and edit pages for groups are similar in case of access by a system administrator or by a user checking the definition data of the groups this belongs to. The difference is which of all the data fields is editable. The implied fields are:

  • Name of the user group.

  • Description.

  • Category. A DDL control allows for a single selection of one of the following: users, preservation administrator or system administrator. This is an important association, for the later management of permissions and the assignment of receivers for the notifications of the alarm system.

  • Status: active/inactive. Inactive groups have no effect, apart from not being shown in the selection areas.

  • Permissions. In a row with a sub-table with the permissions to associate. The system shows each permission: its association with the group or not, its category, and its association with preservation areas, if applicable (through a multiple selection DDL).