1 / 15

Intranet Permissions

Intranet Permissions. Current Identity, Access Management and Entitlement service. Background – UPI, Services System and Access Intranet File and its uses How it works How to use them Departmental email addresses. UPI and Services System. New UPI went live from January 2005

donelle
Download Presentation

Intranet Permissions

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Intranet Permissions

  2. Current Identity, Access Management and Entitlement service • Background – UPI, Services System and Access • Intranet File and its uses • How it works • How to use them • Departmental email addresses

  3. UPI and Services System • New UPI went live from January 2005 • Old UPI runs in parallel to be decommissioned this year • Provides a single ‘view’ of core person information • Name • Department • Association i.e. staff, student, visitor • Start date and end date • Telephone • Email and UserID • Data available in real-time or batch update • UPI data used to determine eligibility for some services • Services system developed to • enable ‘visitors’ to UCL to be assigned a UPI • On-line requests for services for people at UCL

  4. UPI Architecture

  5. ‘Intranet File’ and its uses • What is it? • Form of automated access control to determine eligibility to access resources • Used • Group permissions for Departmental websites • Eligibility for access to Staff WTS • Eligibility for access to restricted software on Staff and Cluster WTS • Eligibility for access to Library eJournals • Departmental email lists • UPI data • UserID • Department Hierarchy • Active user (end date in the future) • Report updated daily

  6. How does it work? UPI (Person, Dept, End date, Role) Directory File (CSO) Intranet File UPI, Username, dept, eligibility UPI, Person details, name, dept, tel Active Directory (LDAP) UCL Web Shibboleth Library WebCT/Moodle

  7. Why the changes? • Department list used for defining the group names is maintained by Human Resources. • In 2005, the introduction of a new HR personnel system meant that the organisation of departments underwent some significant changes which are yet to be fully reflected in the Intranet group list. • There has been a greater demand for access to resources by different groups of people affiliated with UCL - for example, visitors, alumni, short course students. • Old and new group names running in parallel for two years • Benefits of changes • Keep Intranet group access up-to-date so group names need to reflect changes in the organisation structure • Provide granularity to groups by reflecting different types of user who may need to be granted access portions of the Intranet. • Addition of roles based access such as HoD

  8. How can we help? • Find and replace .htaccess • Where possible the new group names will automatically be replaced with the old ones – scripted operation • Estimate that this will only cope with 40% of the instances • Will not affect departmental web servers

  9. How to find the right group • These links provide information on how the new Intranet groups are defined. Each group has two parts: • http://www.ucl.ac.uk/upi/web-users/intranet-groups/ • List of Group Prefixes and Suffixes • Comparative List of Old and New Intranet Groups • Prefix • either "all" or a department code • all-staff • all-pg • Suffix • the type of user included in the group • ‘-vststu’ Visiting Student • ‘-contr’ Contractor • Prefixes are hierarchical - in the same way as the organisation hierarchy • granting access to ‘medicine-staff’ covers access to all sub-units under the Dept of Medicine. • The "all" prefix is used to limit access to all members of a particular type of user.

  10. Old versus New • Comparison table to help you make changes • Available at: http://www.ucl.ac.uk/upi/web-users/intranet-groups/old-new-groups.shtml • Large list!

  11. How to use the group - examples • Restrict website to all Anthropology Staff, Casuals and Honoraries • Edit .htaccess file • Add • anthrop-staff • anthrop-hon • anthrop-cas • Restrict website to Language Centre students • Edit .htaccess file • Add • langcntr-lngstu • Grant all staff, casuals and honoraries access • Edit .htaccess file • Add • all-staff • all-hon • all-cas • Further information www.ucl.ac.uk/upi/webusers/

  12. Departmental Email lists • Lists published here: • http://www.ucl.ac.uk/UCL-Info/Directories/staff-lists/ • Updated nightly, please check before using • Number in brackets indicates number of email addresses • Example: • staff-biochemh@ucl.ac.uk: Dept of Biochemistry & Molecular Bio (H) (12) - Hampstead • staff-biochem@ucl.ac.uk: Dept of Biochemistry & Molecular Biology (86) • ‘staff’ currently includes staff, casuals and honoraries

  13. Entitlement Issues • Complicated interaction between systems • Access determined by information held in HR, Registry and Services system • ‘Ownership' • Distributed responsibility - problems tend to be passed around • Lack of integration of secondary systems • Change control

  14. Future Plans • Go live with Intranet File Summer 2007 • Continued improvement to the system • Investigate access control systems • Develop mechanism to manage exceptions • Include Graduate Office staff in all-pg email list • Roll-out Services system to all departments – from July 2007

  15. Web services Jeremy Speller – Head of Web Services Neil Martin – Web Support Manager David Gillies – Web Support Officer John Bowlas – Web Support Officer Web-support@ucl.ac.uk www.ucl.ac.uk/webservices UPI Team, Management Systems Tim Purkiss – UPI Information Officer Aaron To – Principal UPI Developer Kathryn Lewis – Project Manager Upisupport@ucl.ac.uk Directory-corrections@ucl.ac.uk www.ucl.ac.uk/upi Further Information and Contacts

More Related