• Time based security access privileges

  • We try to make OpenKM as intuitive as possible, but any feedback is welcome.

Moderator: dedisoft

Forum rules: Before asking a question, please check the wiki documentation or use the forum's search function. And remember that we have neither a crystal ball nor the ability to read minds, so be sure to specify which version of OpenKM you are using, as well as the versions of your web browser and operating system. For more information, read How to Report Bugs Effectively (English).
 #42015  by creya
 
What would be a good way to design access to a document for a certain duration only?

e.g. give access on a file or folder to a user or role, then have the system automatically remove the given access privilege in, say, 7 days...

I am thinking about designing an interface that gives the privilege then at same time adds a cron job which reverses the privilege after a set number of days. But, with so many files/folders, there would be tons of cron jobs which could adversely impact performance. Also, in case the user changes the privileges again, it would be very messy to change the existing cron jobs related to the same file or folder.

Did anyone try something similar? Any ideas? Thank you all.
 #42023  by jllort
 
First of all, we should make some preliminary considerations:
Does it affect the whole repository or only some folders and documents in it?
Secondly, does it affect all users or only a small group?

And about the crontab job, only one crontab job should be needed, probably used in combination with the activity log (registering security changes).
 #42027  by creya
 
Thanks Josep... Let me provide some more details:

suppose we have 100,000 folders where each contains the medical files of one patient. These folders will not be accessible to anyone, except admin.

When a patient comes to the hospital, a few doctors and a few nurses will need access to his files for a few days. So, the administrator will give access to say 5 people to access them by adding their user (or can be done by role), and then access should be revoked later on.

To manually revoke access each time would be too much work. A better solution is to give access to a folder for a specific amount of days, at the end of which access should be revoked automatically.

About 2% to 3% of all folders should be available for viewing (accessible to dr. and nurses) at any day i.e. 2000 to 3000 folders.

What would be a good strategy to handle this scenario?
 #42034  by jllort
 
In your scenario I would create an extra table with columns (folder_uuid, date_to_revoke, granted_user, granted_role) -> take it as an initial approach.

With a crontab task, you can schedule daily the permissions you must remove, based on the table log you have created.

Create a minimal application (JSP or application.war connected to OpenKM with sdk4j, or a .NET application; see our SDKs at docs.openkm.com) logged in as administrator. From there, modify grants and also add the changes to the extra table. This application should:
-- search for a specific folder ( patient ), when found:
-- apply security changes and log into the extra table

I hope you can use it as a starting point. It is really not a very complex feature. I also suggest making daily reports of added and removed grants and always keeping control of possible errors during the process. The most important thing is controlling errors.
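
As an added illustration of the approach in the post above (not code from the thread or from OpenKM), here is the extra table and the single daily revocation job in Python with SQLite. The table name `timed_grant`, the `last_error` column and the `revoke` callback, which stands in for whatever SDK call removes the grant, are assumptions.

```python
import sqlite3
from datetime import date, timedelta

# Columns from the post, plus last_error (added here) for error control.
SCHEMA = """CREATE TABLE IF NOT EXISTS timed_grant (
    folder_uuid    TEXT NOT NULL,
    date_to_revoke TEXT NOT NULL,              -- ISO date, sorts as text
    granted_user   TEXT NOT NULL DEFAULT '',   -- '' when the grant is to a role
    granted_role   TEXT NOT NULL DEFAULT '',   -- '' when the grant is to a user
    last_error     TEXT,
    PRIMARY KEY (folder_uuid, granted_user, granted_role))"""

def record_grant(db, folder_uuid, user, role, days, today):
    """Log a grant. Re-granting the same folder/user/role replaces the row,
    so changing a privilege only moves its expiry date."""
    expiry = (today + timedelta(days=days)).isoformat()
    db.execute("INSERT OR REPLACE INTO timed_grant VALUES (?, ?, ?, ?, NULL)",
               (folder_uuid, expiry, user, role))
    db.commit()

def revoke_expired(db, revoke, today):
    """The single daily job: revoke each expired grant, keep failures for retry."""
    where = "folder_uuid = ? AND granted_user = ? AND granted_role = ?"
    report = {"revoked": [], "failed": []}
    rows = db.execute("SELECT folder_uuid, granted_user, granted_role "
                      "FROM timed_grant WHERE date_to_revoke <= ?",
                      (today.isoformat(),)).fetchall()
    for key in rows:
        try:
            revoke(*key)  # hypothetical wrapper around the DMS revoke call
        except Exception as exc:
            # Row stays in the table, so tomorrow's run retries it.
            db.execute(f"UPDATE timed_grant SET last_error = ? WHERE {where}",
                       (str(exc), *key))
            report["failed"].append(key)
        else:
            db.execute(f"DELETE FROM timed_grant WHERE {where}", key)
            report["revoked"].append(key)
    db.commit()
    return report  # feed this into the daily report of removed grants

if __name__ == "__main__":
    db = sqlite3.connect(":memory:")
    db.execute(SCHEMA)
    day0 = date(2024, 1, 1)                                # constructed sample data
    record_grant(db, "uuid-patient-1", "dr_a", "", 7, day0)
    record_grant(db, "uuid-patient-2", "", "ROLE_NURSE", 3, day0)
    print(revoke_expired(db, lambda f, u, r: None, day0 + timedelta(days=5)))
```

Because a failed revocation leaves its row in place with `last_error` set, an access grant that outlives its expiry is visible in the table rather than silently lost.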
 #50810  by jllort
 
These scenarios are always customizations because a standard solution will never fit the requirements.
 #50834  by jllort
 
When I talk about a "standard solution" I mean no solution will fit your needs; that's why we have not implemented any approach, because in the end nobody would use it and something that exactly fits your requirements should be implemented.

I suggest investigating:
* https://docs.openkm.com/kcenter/view/ok ... ontab.html
* https://docs.openkm.com/kcenter/view/ok ... ption.html
* https://docs.openkm.com/kcenter/view/ok ... #grantUser
* https://docs.openkm.com/kcenter/view/ok ... executeSQL
