Record Level Security
From Strategy to Implementation
at Museum Victoria
Donna Fothergill and Lee-Anne Raymond
MV Strategy
Consider the security design currently in place.
What does RLS do that is different?What do the users want?Uses for RLS at MV?Is RLS for ‘Everybody’/ Every situation
after-all?
MV Security A range of security measures are used at Museum Victoria
User permissions
Data Partitions- Column access/default registry settings - Roles field in Parties - Repository field in MMR
Tab switching
Record Level Security
Data PartitionsColumn Access – Default Settings
Department
Discipline
User
Data Partitions
Parties Module Partitioned
&
Shared
By Roles
Data Partitions
MMRPartitioned
By Repository and Registry security setting. Access is restricted to users
and/or groups.
Tab SwitchingReduce Access to sensitive information
without RLS.This setting maintains a “closed”
access to the record by reducing the tabs in display to one only
“hiding” the rest using “Tab Switch”.
Query tabs are still available. Only groups with permission will see the full record.
All can still see this type of record exists.
Only those with permission may see the full contents of records.
MV Strategy
Consider the security design currently in place.
What does RLS do that is different?What do the users want?Uses for RLS at MV?Is RLS for ‘Everybody’/ Every situation
after-all?
What does RLS do that is different?
rls can build on your existing user/group permissions by:
providing the ability to restrict a group of records within a department/discipline
allowing users to “share” ownership of records
providing users with access to collections of records they would not normally have access to
MV Strategy
Consider the security design currently in place.
What does Record Level Security do that is different?
What do the users want?Uses for RLS at MV?Is RLS for ‘Everybody’/ Every situation
after-all?
What do the users want?
Ability to partition data according to discipline or department
Ability to share but control the content within their own records
Ability to see and share another departments records
MV Strategy
Consider the security design currently in place.
What does RLS do that is different?What do the users want?Uses for RLS at MV?Is RLS for ‘Everybody’/ Every situation
after-all?
Uses for RLS at MV?Taxonomy
Transactions
Exhibition Objects
Restricted and Secured Groups of Recordse.g. Culturally Restricted artifacts
Integrating systems to share assetse.g. Digital Asset Management System
‘Relax’ a restriction
Uses for rls at MVTaxonomy module – open and with
permission to do anything at all until…
RLS
Taxonomy is still open but
security refined. Editing
and Deletion locked where
needed
Uses for RLS at MV?Taxonomy
Transactions
Exhibition Objects
Restricted and Secured Groups of Recordse.g. Culturally Restricted artifacts
Integrating systems to share assetse.g. Digital Asset Management System
‘Relax’ a restriction
Uses for rls at MV
Transactions Module
RLS
To share & control from the outset.
Uses for RLS at MV?Taxonomy
Transactions
Exhibition Objects
Restricted and Secured Groups of Recordse.g. Culturally Restricted artifacts
Integrating systems to share assetse.g. Digital Asset Management System
‘Relax’ a restriction
Uses for rls at MV
Exhibition Objects ModuleTriage Access Permissions
Uses for RLS at MV?Taxonomy
Transactions
Exhibition Objects
Restricted and Secured Groups of Recordse.g. Culturally Restricted artifacts
Integrating systems to share assetse.g. Digital Asset Management System
‘Relax’ a restriction
Uses for rls at MV
Culturally restricted – records hidden to all but a few
Tab Switch Controlled
&
Shared
or
Hidden
Uses for RLS at MV?Taxonomy
Transactions
Exhibition Objects
Restricted and Secured Groups of Recordse.g. Culturally Restricted artifacts
Integrating systems to share assetse.g. Digital Asset Management System
‘Relax’ a restriction
Uses for rls at MVDigital Asset Management System (DAMS)
Uses for RLS at MV? Taxonomy
Transactions
Exhibition Objects
Restricted and Secured Groups of Recordse.g. Culturally Restricted artifacts
Integrating systems to share assetse.g. Digital Asset Management System
‘Relax’ a restrictione.g. DNA Laboratory Data
Challenges
Implementing significant change within a functioning environment
Grouping data into Departments/Disciplines in preparation of setting rls on existing records
Loosening security in order to tighten security
Ensuring that rls is set correctly when a new record is inserted
Hiding records - is this the best option?
Benefits
Users evolving into more sophisticated ‘sharers’
Cultural shift to more open attitudes towards data access
Significant user satisfaction with a more flexible and secure data model
Security significantly improved or made more robust
Ability to utilise RLS to assist with integration projects such as the MV DAMS
Promoting the sharing of data between disciplines
MV Strategy
Consider the security design currently in place.
What does RLS do that is different?What do the users want?Where is RLS needed?Is RLS for ‘Everybody’/ Every situation
after-all?
Is RLS for Everybody/Every Situation After All?
RLS is not for every situation. Each unique EMu site will have it’s own
challenges.RLS is useful and can help but not solve
all your access and restriction issues. A solid structure to begin with will support
your implementation of RLS