Wiki source code of 02c. Realm-Based Security
Last modified by Ross Beck on 06/11/2025, 14:23
Hide last authors
| author | version | line-number | content |
|---|---|---|---|
 |
1.1 | 1 | {{box cssClass="floatinginfobox" title="**Contents**"}} |
| 2 | {{toc/}} | ||
| 3 | {{/box}} | ||
| 4 | |||
| 5 | Configuring realm-based security provides complete control over the records users are permitted to access on the system. Users are not made aware of their realm status or of any records that exist outside the realms there are currently a part of. | ||
| 6 | |||
| 7 | Realms are defined using saved queries that can be combined to ensure only the relevant data is visible to the relevant users. Once the realm has been associated to a user group, all contained users are granted access only to the realm’s search results. | ||
| 8 | |||
| 9 | Please note that the queries used to define a realm are applied at runtime, resulting in any changes being applied immediately. Realms are applied cumulatively, and if a user is part of multiple groups that have multiple associated realms, the user will be able to view the records from all related realms. | ||
| 10 | |||
| 11 | Users granted administrator privileges have access to all records in an Index, regardless of realm configuration. | ||
| 12 | |||
| 13 | = Realm Setup = | ||
| 14 | |||
| 15 | Before realms can be used, they must be enabled by the system administrator. | ||
| 16 | |||
| 17 | Navigate to the Realms Setup page by clicking **Setup**, **Security** then **Realm Configuration** and enable the **Realm Based Security** option to activate the feature. | ||
| 18 | |||
| 19 | As an added security measure, there are a number of options to prevent unauthorised access from users that have not yet been associated to a realm. | ||
| 20 | |||
| 21 | The **Default Realm Access** drop-down list directly affects the **System Default** option in the **Default Realm Access** drop-down list when creating an Index. Selecting **Open** will result in new indexes being visible to all users, while selecting **Closed** will ensure it is only visible when explicitly set as part of a realm. | ||
| 22 | |||
| 23 | == Index Default Realm Access == | ||
| 24 | |||
| 25 | The **Index Default Realm Access** options provides a number of lists to further configure data segregation. | ||
| 26 | |||
| 27 | The **Open** list will contain all Indexes that have been specified as **Open** from the [[Index screen>>doc:Technical Documentation.CXAIR.Administration Guide.4\. Manual Index Creation.c\. Creating an Index.WebHome]] **Default Realm Access** drop-down list. Individual entries can be moved to the **Closed** list to allow a customisable number of Indexes to remain **Open**. | ||
| 28 | |||
| 29 | There are also two additional lists that directly relate to the build options specified when creating the indexes on the system. The **System Default** list contains all Indexes that have had the **Default Realm Access** drop-down list specified as **System Default** from the Index screen. | ||
| 30 | |||
| 31 | The **Sensitive** list will contain every Index that has had the **Sensitive** build option enabled. This results in **Closed** realm access for the Index, and is designed as an extra security measure to prevent newly created Indexes becoming accidentally visible. | ||
| 32 | |||
| 33 | Click **Modify Settings** to apply any changes, or **Cancel** to discard any changes. | ||
| 34 | |||
| 35 | = Creating a Realm = | ||
| 36 | |||
| 37 | Realms are created by constructing one or more saved queries containing all of the records a group of users are able to view. Please refer to the [[Query>>doc:Technical Documentation.CXAIR.User Guide.02\. Reporting.2a\. Query.WebHome]] chapter for detailed information regarding the different methods available when building a set of search results, specifically the [[Username Searches>>doc:Technical Documentation.CXAIR.User Guide.02\. Reporting.2a\. Query.WebHome||anchor="Username Searches"]] section if user-specific filtering is required. | ||
| 38 | |||
| 39 | Navigate to the Realms screen by clicking **Setup**, **Security** then **Realms**. | ||
| 40 | |||
| 41 | == Details == | ||
| 42 | |||
| 43 | Enter a unique name in the** Name** text box and click the **Select Reports** button. Select the required saved queries and click the **Selected Reports** tab. After ensuring the correct queries have been selected, click **Add to Realm**. | ||
| 44 | |||
| 45 | The selected queries will now be listed in the Realms screen. Use the drop-down list below the **Select Reports** button to manage selections, or Click the **X** icon to remove individual entries. | ||
| 46 | |||
| 47 | If multiple queries will be used to define a realm, choose the required Boolean operator from the **Combine As** radio buttons. Selecting **And** will return only the records that match all selected queries, while **OR** will return records that match at least one of the selected queries. | ||
| 48 | |||
| 49 | Making the **Restrict Display Fields** option **Restricted** will impact the individual columns a user has access to within an Index; they will only have access to the columns that have been saved in the query that denotes the realm. If set, the **Effective From** and **Effective To** options specify when the realm will be active. Users will only be able to access the data between the dates specified. | ||
| 50 | |||
| 51 | The **All Indexes** option ensures that saved queries that specify a field will be applied across all Indexes, regardless of whether the field is present. For queries that do not reference a field, such as a wildcard search, the realm will automatically be applied to all Indexes with this option disabled. | ||
| 52 | |||
| 53 | == Groups == | ||
| 54 | |||
| 55 | Realms are applied to Groups and not individual Users. | ||
| 56 | |||
| 57 | Existing groups are displayed in the **Available Groups** list and groups that will be impacted by the realm are displayed in the **Allocated Groups** list. Use the **Left** and **Right** arrows to move selected groups between the two lists. | ||
| 58 | |||
| 59 | To complete the process, click **Create Realm**. To discard any changes made, click **Cancel**. | ||
| 60 | |||
| 61 | == Managing Created Realms == | ||
| 62 | |||
| 63 | Saved realms are displayed on the **Realms** screen. Under the options column, click the **Run** icon to build the associated Indexes and Data Sources, the **Edit** icon to modify the realm settings and the **X** icon to delete the realm. | ||
| 64 | |||
| 65 | = Realms Validation = | ||
| 66 | |||
| 67 | The Realms Validation page allows each realm to be tested to ensure only the correct results are returned. Click **Setup**, **Security** then **Realms Validation** to access this functionality. | ||
| 68 | |||
| 69 | Select the relevant Index to test from the **Index** drop-down list and enter the test query in the **Query** textbox. Click **Search** to perform the query with the relevant realm configuration. | ||
| 70 | |||
| 71 | The table below will list each associated realm along with the number of **Matches** and **Mismatches**. |