Notebook Security

Overview

Annai Systems has implemented a security strategy with three elements to secure notebooks in STARInsight.

  1. Authentication: To view a notebook, users must log in to the STARInsight domain where the notebook was created.
  2. Authorization: Once a user logs in, their privileges to modify a notebook are constrained by permission levels.
  3. Auditing: Notebook creation, deletion, and modifications to permissions are logged and available for audit reporting.

Permissions Levels

Three different permissions levels are available.

Level    Privileges
Owner    Open (View and Edit), Clone, Rename, Delete, Change Permissions
Writer   Open (View and Edit), Clone, Rename
Reader   Open (View Only), Clone

The options available in a notebook's action menu will vary based on the user's permissions level for that notebook. If a user does not have any of these three permissions levels, they won't see the notebook at all.

A READER will be able to open a notebook, but any attempt to run a notebook's paragraph will trigger an error message.

Permissions Assignment Rules

These rules are applied automatically.

  1. STARInsight admins have OWNER access to all notebooks in the domain. They cannot be removed from a notebook, and this level cannot change (for example, you could not downgrade an admin from OWNER to READER).
  2. If an admin is demoted to a researcher, he loses access to ALL notebooks.
  3. A researcher who creates a notebook has automatic OWNER permissions to that notebook. Otherwise, researchers do not get automatic access to any notebooks.
  4. Renaming a notebook does not change the permissions for that notebook.
  5. Cloning a notebook does not preserve the original notebook's permissions. For example, if three researchers had access to a notebook, and an admin cloned the notebook, the three researchers would not have access to the clone.
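
The permissions table and the five rules above, expressed as a small access-control model that can be used to reason about who ends up with access after a rename, clone, or demotion. This is an added example, not STARInsight code: the Domain class and its method names are hypothetical. It assumes that cloning counts as creating a notebook, so a researcher who clones becomes OWNER of the clone.

```python
# Privileges per level, copied from the table on this page.
PRIVILEGES = {
    "OWNER": {"view", "edit", "clone", "rename", "delete", "change_permissions"},
    "WRITER": {"view", "edit", "clone", "rename"},
    "READER": {"view", "clone"},
}

class Domain:
    """Hypothetical in-memory model of one domain; not a STARInsight API."""
    def __init__(self, admins):
        self.admins = set(admins)
        self.acl = {}  # notebook name -> {researcher: level}

    def create(self, user, name):
        # Rule 3: a researcher who creates a notebook becomes its OWNER.
        self.acl[name] = {} if user in self.admins else {user: "OWNER"}

    def level(self, user, name):
        # Rule 1: admins are OWNER everywhere; others need an explicit entry.
        return "OWNER" if user in self.admins else self.acl[name].get(user)

    def can(self, user, name, action):
        return action in PRIVILEGES.get(self.level(user, name), ())

    def require(self, user, name, action):
        if not self.can(user, name, action):
            raise PermissionError(f"{user} may not {action} {name}")

    def set_level(self, actor, name, target, level):
        self.require(actor, name, "change_permissions")
        if target in self.admins:  # Rule 1: an admin's level cannot change.
            raise ValueError("admins are fixed at OWNER")
        self.acl[name].pop(target, None)
        if level is not None:  # None removes the researcher altogether
            self.acl[name][target] = level

    def rename(self, actor, old, new):
        self.require(actor, old, "rename")
        self.acl[new] = self.acl.pop(old)  # Rule 4: permissions carry over.

    def clone(self, actor, src, dst):
        self.require(actor, src, "clone")
        self.create(actor, dst)  # Rule 5: fresh ACL (assumes cloner = creator).

    def demote_admin(self, user):
        self.admins.discard(user)
        for entries in self.acl.values():  # Rule 2: loses ALL notebook access.
            entries.pop(user, None)
```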

Changing Permissions

OWNERs will have access to the "Permissions" option in the notebook action menu.

Clicking this opens the permissions modal. Note that the domain's admins are automatically listed here with the permissions selector disabled (because admins are automatically OWNERs on every notebook).

To add a new researcher, type their username, first/last name, or email and select from among the matching users. Use the dropdowns to change researchers' permissions levels, or remove them altogether. Don't forget to click the "Save" button when you're done.
