OpenEvSys

Access Control Questions

If I delete a user, does it delete all the records they have created?

No. Deleting a user has no effect on the content of the database. The records a user creates or udpates will still be there, as will the "audit" record of them having done so.

Is the database secure?

No database is truly secure, but some are securer that others. For real use (and not just testing on your laptop), the OpenEvSys application should be deployed with the assistance of a system administrator familiar with the setup and running of a UNIX-based server and network environment.

Is OpenEvSys encrypted?

No, not by default. The OpenEvSys backend can be deployed into encryption tools such as LUKS or TrueCrypt. Traffic can be encrypted using Secure Socket Layer (SSL). You will need a technician to set this up for you. Before doing so, check that the use of encryption technology is legal in your country, or whether it is legal for a 3rd party to "export" this technology to you through the provision of a network service (eg. a webhost). This might be a useful resource in that respect, but we're not sure how up to date it is: http://rechten.uvt.nl/koops/cryptolaw/

What is an Audit Log?

An audit log is a big list of the changes made to a record. It is a basic way of monitoring the integrity of information. in OpenEvSys. So, it includes when records were created, what type they are, when they were updated, linked or delinked together or deleted, and by who. For example, the audit log tab on an Event shows all this information for every record linked to that event, including Persons, linking formats (act, involvement, information, intervention, etc), documents, etc. Note that the audit log does not currently show what changes were made, only the fact of the change.

What does mean “ACL” mean?

ACL means "Access Control list". This is a setting that the OpenEvSys administrator can use to limit the access of certain groups of user to particular groupings of features in OpenEvSys. For example, it is possible to give a group of user access to the "Events" section, but not the "Analysis" section of OpenEvSys. ACL differs a little from the concept of "privileges", which control what a user group can do with records.

What are privileges?

Privileges determine what a user belonging to a certain role can do with the records that exist in OpenEvSys. For example, privileges determine whether you are allowed to update or create a new event.

How are privileges different from ACL?

Access Control Lists (or ACL) are intended to create roles that define what features of OpenEvSys can be accessed by users assigned to that respective role. Privileges, on the other hand, are concerned with specific actions taken within the enabled features of OpenEvSys. For example, the ACL may give you access to "Events" and permissions will then decide whether or not you can edit or create new events.

Can I hide some records from other users?

Yes and no. The general approach OpenEvSys 0.9 takes to record visibility is quite simple: "see all, or see nothing", rather than "User 1 can see fields A and B, but not C". There is one exception: where the confidentiality field of the Event format is checked (i.e. set to "Yes"), the user entering the record can choose to restrict access to that Event and all linking formats (Act, Involvement, Intervention, Information, etc) to groups of users which share a particular role. This is an experimental feature in OpenEvSys 0.9.

The development of OpenEvSys is led by the needs of users, so if you need a more complicated record visibility system, let us know.

If we make it online, is it searchable by Google?

No, OpenEvSys requires login credentials before any records can be viewed. Google cannot search or access your data, but they can certainly index the root url of your OpenEvSys site. Ther are ways to avoid this, such as deploying OpenEvSys behind a firewall or Virtual Private Network (VPN). If you want your site removed from Google, please refer to Removing my own content from Google's index