How to configure access to data

Introduction

Listing workspaces

The diagram Listing workspaces illustrates how access control is applied to the workspace catalogue. The workspace catalogue lists all the workspaces accessible by the user.

A workspace will be included in the list if:

Either the user is the owner ¹ of the workspace.
Or the user is an administrator ².
Or the user belongs a shared group, see Share a workspace with other users.

List and load publications

Users will only be able to load a publication if their profile contains one of the roles linked to the publication.

Load a workspace

The diagram Access control when loading workspace illustrates how HxGN Smart Sites will enforce access control when a user attempts to load a workspace.

The user selects a workspace from the list of workspaces.

HxGN Smart Sites verifies access in order to control the allowed actions:

view: loading the data
edit: modify the workspace (removing or adding publications, change the title, ...)
delete: delete the workspace
share: share the workspace with other user groups, or remove shared groups

Workspace owners and administrators have all 4 permissions.

Users in shared groups have only view permission.

The diagram Access control when loading workspace also illustrates how HxGN Smart Sites enforces security at the publication level.

As a result of the rule stated in List and load publications, users might not be able to view all the publications bundled in a workspace. A warning is shown to the user when that is the case.

Configure user profiles

HxGN Smart Sites uses a dedicated tool to configure user profile, Keycloak.

Roles

HxGN Smart Sites is pre-configured with the hss-admin role. When the hss-admin role is mapped to a user, the user becomes an Administrator.

Refer to the Keycloak documentation to create roles.

Refer to the Keycloak documentation to map roles to users.

Groups

If your installation relies on a user-federation mechanism (like LDAP or OIC), groups will be configured automatically. Otherwise, groups can be configured manually.

Log in your Keycloak instance, https://{your.HxGN.Smart.Sites.host}/auth.
Select the hss realm.
Select the Groups screen.
Select a group.
Select the Members tab.
Select Add member and add users to the group.

note

Refer to the Keycloak documentation for a detailed guide on group configuration.

Configure access to publications

As described in List and load publications, a publication is accessible to a user when the user profile has one of the roles attached to that publication. Administrators must therefore attach roles to publications in the Admin Application.

note

A publication without any role attached will not be accessible to anyone in HxGN Smart Sites Client.

Go to the Admin Application.
Go to the Publication screen.
Attach one or more roles to the publication.

A workspace owner or an Administrator can share a workspace with one or more groups. All the users within the shared group(s) will have access to the workspace.

in HxGN Smart Sites Client
Click the share icon next to the workspace title
Attach the user groups as illustrated in Selecting groups, and click the "Share Workspace" button.

the user that created the workspace ↩
users with the hss-admin role ↩

Introduction​

Listing workspaces​

List and load publications​

Load a workspace​

Configure user profiles​

Roles​

Groups​

Configure access to publications​

Share a workspace with other users​

Footnotes​