Opened 8 years ago

Closed 4 years ago

#144 closed Enhancement (Fixed)

Community Level Secure Query

Reported by: Kathryn Marti Owned by: Tong
Priority: !!Urgent Milestone: 2.3 - Testing
Component: View-App Version: 2.3
Severity: Moderate Effort Keywords: secure query
Cc: garth.braithwaite@…, Tong Zheng

Description (last modified by Garth Braithwaite)

Need ability to secure selections. Currently a page selection can be secured but selections within that page are not controlled. This mainly impacts query modules community type selections. For requests that need to have selections secured, a new selection page is needed where the sub selections are made prior to entering the page. The final page would then not allow a user to make said selection. This is needed so that the secure selections are not easily bypassed.

Change History (11)

comment:1 Changed 8 years ago by Kathryn Marti

Component: IBIS-QView Webapp

comment:2 Changed 7 years ago by Garth Braithwaite

Milestone: Unassigned → 2.1 - Testing
Owner: changed from Developer to Testing
Severity: Unknown → Moderate Effort
Version: Unknown → 2.1

comment:3 Changed 7 years ago by Tong Zheng

Cc: Tong Zheng added
Milestone: 2.1 - Testing → Unassigned
Version: 2.1 → Unknown

It wouldn't be in 2.1. It is a Utah-specific feature.

comment:4 Changed 7 years ago by Kim Neerings

Owner: Testing deleted

comment:5 Changed 7 years ago by Kim Neerings

Utah needs; NM, USET would benefit; may also be relevant to Mass and NJ.

comment:6 Changed 7 years ago by Garth Braithwaite

Milestone: Unassigned → 2.2 - Feature Set Definition

comment:7 Changed 7 years ago by Garth Braithwaite

Description: modified (diff)
Summary: Secure Query → Community Level Secure Query

comment:8 Changed 7 years ago by Lois Haggard

Milestone: 2.2 - Feature Set Definition → Needs Analysis

comment:9 Changed 4 years ago by Garth Braithwaite

Milestone: Needs Analysis → 2.3 - Testing
Owner: set to Tong
Version: Unknown → 2.3

comment:10 Changed 4 years ago by Garth Braithwaite

IMPLEMENTATION:

Row level security for query module dimensions. Updated and tested the query module dimension value voter, added a model map process to the spring config that clears unauthorized values if no filtering and grouping by a secured dimension, added a spring config model map process that adds SELECTED_DIMENSION filtering for secure dimension values. IBIS-Q related request name/value pair generation now checks for AUTHORITY if the UserDetails is supplied.

For this feature to work the following is needed:

  1. The app must be properly configured. This is the default behavior of the core code. Adopters that choose their own configurations can reference the core code on how this is done.
  2. Query module rows to be secured must have an appropriate DIMENSION/VALUE/AUTHORITY value.
  3. The user MUST have an AUTHORITY that matches the above value to have access to that data.
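
Added example, not part of the ticket and not the project's code: a plain-Java sketch of the server-side check that comment:10 describes, where requested values of a secured dimension are checked against the user's authorities and an unfiltered request is turned into an explicit filter. The class and method names, the "Community" dimension values and the ROLE_* authority strings are constructed assumptions.

```java
import java.util.Map;
import java.util.Set;
import java.util.TreeSet;

// Hypothetical illustration of DIMENSION/VALUE/AUTHORITY enforcement.
public class SecureDimensionFilter {
    // Constructed sample rows: dimension -> (value -> authority required to see it).
    static final Map<String, Map<String, String>> SECURED = Map.of(
        "Community", Map.of("12", "ROLE_COMMUNITY_12", "27", "ROLE_COMMUNITY_27"));

    /** Returns the values of one dimension that the query may actually use. */
    static Set<String> enforce(String dimension, Set<String> requested,
                               Set<String> allValues, Set<String> authorities) {
        Map<String, String> rules = SECURED.getOrDefault(dimension, Map.of());
        // No explicit filter (for example, grouping by the dimension) means
        // "every value", so start from the full list and still apply the check.
        Set<String> candidates = requested.isEmpty() ? allValues : requested;
        Set<String> allowed = new TreeSet<>();
        for (String value : candidates) {
            String needed = rules.get(value); // null: this value is not secured
            if (needed == null || authorities.contains(needed)) {
                allowed.add(value);
            }
        }
        // Fail closed: an empty result must never be read as "no filter".
        if (allowed.isEmpty()) {
            throw new SecurityException("no authorized values for " + dimension);
        }
        return allowed;
    }

    public static void main(String[] args) {
        Set<String> all = Set.of("1", "12", "27");
        Set<String> user = Set.of("ROLE_USER", "ROLE_COMMUNITY_12");
        // Request edited by hand to include a secured value the user lacks.
        System.out.println(enforce("Community", Set.of("12", "27"), all, user));
        // Group-by with no filter: replaced by a filter of permitted values.
        System.out.println(enforce("Community", Set.of(), all, user));
        try { // Only unauthorized values requested: rejected, not widened.
            enforce("Community", Set.of("27"), all, user);
        } catch (SecurityException e) {
            System.out.println("denied: " + e.getMessage());
        }
    }
}
```

Because the check runs on the request values rather than on which selections the page renders, changing the submitted parameters does not widen the result set.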

comment:11 Changed 4 years ago by Tong Zheng

Resolution: Fixed
Status: new → closed