<< Click to Display Table of Contents >> Navigation: Concordance > Concordance Administration > Security |
Concordance features a two-key system for accessing the security console's Security dialog box. Depending on the role of each reviewer, users may need different levels of access to each part of the system. Some staff may even warrant having administrator-level access while others only need minimal access to Concordance to review records. Security access to the database requires some forethought and preliminary planning based on user roles, which should be outlined before you administer rights to the system.
Enabling security is optional. Once security is enabled, you also have the option to require a logon. Concordance can restrict security for fields and menu items. For increased security, you should require a database logon.
Based on the security profile setup, you can prevent most reviewers from seeing any administrator-level menu options or features. These items do not display at all or are unavailable for selection. Users can be assigned full read/write access, read-only access, write-only access, and no access on a field-by-field basis. Users without read access are unable to view or search on restricted fields. Their searches are post-processed to remove any references to these fields, so their searches may run slightly slower and hit counts may not provide the same results as users with full privileges.
Enabling security requires temporary exclusive control of the database. Only one administrator user ID and password is allowed per database. The administrator user ID and password is set when the Security dialog box is first accessed. This information should be shared with a supervisor or one other administrator, with a copy of all security settings stored on your network in a secure location.
•Administrator and user passwords are encrypted with the SHA-1 standard in the .dcb and .sec files.
•Best practice is to create an account for the Concordance administrator with full rights to everything upon first setup at the Supervisor permissions level.
•If you enable security and do not require logons, Concordance captures a user’s network login and compares it to the user list in the database’s Security dialog box. If a match is found, then the user receives corresponding rights. If a match is not found, the user receives the default user rights.
•Security is distinct to each database; you must create and modify user permissions for each database. You can import a .csv file from another database to speed up the process.
•New users select their passwords when first logging on to Concordance.
Passwords for each user are set when the user first logs on to Concordance. The first word entered as a password is then confirmed in a security dialog box. Users can change their passwords at any time.
User ID and Password Rules:
•User IDs – 24-character maximum, not case sensitive, spaces allowed. It is best to match these to a user's Windows or network ID.
•Passwords – 24-character maximum, case sensitive, created on first access, slash characters are not allowed in passwords
•Blank user names are not allowed in Concordance
Concordance only allows one administrator user ID and password per database. The database's administrator ID and password should be shared with a supervisor or one other administrator, with a copy of all security settings stored on your network in a secure location. Once the administrator user ID and password is created it is encrypted and is not visible or accessible anywhere in Concordance. |
When first accessing the Security dialog box, you will see that a default user already exists. If you enable security, but don’t check the Login required check box, Concordance first checks to see if there is a Windows or network ID matching the user name in the security console. If a match is found, then you’ll be logged into that database with those security settings applied. If there is not a match, you will receive the security settings that were applied to the default user.
For a minimal level of database security, you can create users that match the Windows or network IDs for all administrators and give them full rights. Then, apply a lower level of security to the default user and apply that security setting to everyone else. Another option is to delete the default user completely.