Access Keys:
Skip to content (Access Key - 0)

CSM

Managing Protection Elements

"A Protection Element is any entity (typically data) that is subject to controlled access. CSM allows for a broad definition of Protection Element. Nearly everything in an application can be protected: data, table, buttons, menu items, etc. Identifying individual Protection Elements makes it easier to control access to important data." (excerpt from the caCORE CSM v4.2 Programmer's Guide)

Table of Contents

Overview

CSM administrators may create protection elements to represent application resources whose access should be restricted. Administrators may also define groups of protection elements by using Protection Groups. Refer to the Managing Protection Groups guide for more information on group creation.

Each protection element is defined by five fields: Name, Object Id, Attribute Name, Attribute Value, and Type. Set values for these fields that will help you easily identify the protection element and what entity it protects.

The Name field should be a short and descriptive label for the protection element. This is a required field but does not need to be unique across all protection elements. The Object Id is an alphanumeric id field. The Attribute Name, Attribute Value and Type fields can optionally be used to further describe the protection element and what sort of entity it protects. Internally, protection elements are distinguished from one another by the combination of their object id, attribute name and attribute value. Thus, individually these field values do not need to be unique but the combination of the three fields must be unique. Finally, you may add a more lengthy description of the protection element using the Description field.

The Protection Elements tab of the Access Control Managment interface allows CSM application administrators to search for, add, remove and modify protection elements. To use the Protection Elements tab, launch the CSM administrative interface and search for the application whose protection elements you wish to manage. Click on the application name to highlight it, click the View button and click the Protection Elements tab from the Access Control Management interface.

Administrative Access

In order to manage CSM applications and resources, you must be logged into a grid account that is configured to be a CSM administrator. During the installation process, it was recommended that at least one grid identity be added as a CSM administrator. If your account was not configured to be a CSM administrator, review step 7 of the Installation Guide.

If you have added your grid account as a CSM administrator but you are experiencing an error similar to the one pictured to the right, make sure that you specified the correct grid account in the Credential select box of the Application Access Control interface.
access denied message

Searching for Protection Elements

You can use the Search for Protection Elements pane to search for existing protection elements. Clicking the Search button without filling in any of the search fields will return all of the protection elements associated with the the specified CSM application.

search for all protection elements

In the example screenshot, none of the search fields have values so all four of the example protection elements have been returned in the search results. Notice in this example that the  names give a simple description of what the protection element is, the object id values are all unique and make use of both numbers and characters. The Attribute field in this case is used to describe a patient data object that may be either an object or database table. The Value field is used to represent what field (or table column) is being protected. Finally, the Type field provides a description of what kind of data is stored in the protection element.

To narrow the search results down, enter search terms in the search fields. The administrative tool will return all protection elements that match the exact terms entered in the search fields. You can use the * character as a wildcard in your search terms.

search by name
wildcard name search

The screenshots show two sample searches. The first search uses a specific protection element name while the second search using a wildcard to search for all protection elements matching the name Patient*.

Creating a Protection Element

To create a new protection element, click the Create button. This will launch the Create Protection Element interface.

create a protection element

Enter values that describe what the protection element is and what entity it was created to protect. The Name and Object Id fields are required, while Attribute Name, Attribute Value and Type are optional. Again, the combination of object id, attribute name and attribute value fields must be unique to the CSM application. If you enter a combination of these values that already exists, you will receive the following error message:

duplicate protection element error message

Notice in the screenshot that the combination of object id, attribute name and attribute value entered matches preexisting values for the PatientName protection element. Once the values have been adjusted to ensure that the combination of field values is unique, click the Create button to create the new protection element. The Protection Elements tab will refresh and should display your new protection element.

creating a valid protection element
protection element tab updated

Modifying a Protection Element

To modify an existing protection element, first perform a search whose results include the protection element you wish to edit. Click on the protection element in the search results to highlight it and then click the Modify button. This will launch the Edit Protection Element interface.

modify existing protection element

The Name, Object Id, Attribute Name, Attribute Value, Type and Description field values may all be updated while the Id and Last Updated field are read only. When changing the Object Id, Attribute Name or Attribute Value fields, make sure that the new values create a unique combination. Otherwise the same error mentioned in the Creating a Protection Element section will be thrown. Click the Modify button to submit your changes. The Protection Element tab will refresh and should display your updated protection element. The Last Updated field value will automatically be set to today's date.

Removing a Protection Element

To remove a protection element, perform a search whose results include the protection element you wish to delete. Click on the protection element in the search results to highlight it. Click on the Remove button to delete the protection element.

Use caution with this feature! Clicking Remove does not prompt for confirmation and cannot be undone.

Next Steps:

Learn how to organize protection elements into groups with the Managing Protection Groups guide.
Last edited by
Keith Gasper (772 days ago)
Adaptavist Theme Builder Powered by Atlassian Confluence