intranet permissions l.
Download
Skip this Video
Loading SlideShow in 5 Seconds..
Intranet Permissions PowerPoint Presentation
Download Presentation
Intranet Permissions

Loading in 2 Seconds...

play fullscreen
1 / 15

Intranet Permissions - PowerPoint PPT Presentation


  • 140 Views
  • Uploaded on

Intranet Permissions. Current Identity, Access Management and Entitlement service. Background – UPI, Services System and Access Intranet File and its uses How it works How to use them Departmental email addresses. UPI and Services System. New UPI went live from January 2005

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about 'Intranet Permissions' - donelle


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
current identity access management and entitlement service
Current Identity, Access Management and Entitlement service
  • Background – UPI, Services System and Access
  • Intranet File and its uses
  • How it works
  • How to use them
  • Departmental email addresses
upi and services system
UPI and Services System
  • New UPI went live from January 2005
  • Old UPI runs in parallel to be decommissioned this year
  • Provides a single ‘view’ of core person information
    • Name
    • Department
    • Association i.e. staff, student, visitor
    • Start date and end date
    • Telephone
    • Email and UserID
    • Data available in real-time or batch update
  • UPI data used to determine eligibility for some services
  • Services system developed to
    • enable ‘visitors’ to UCL to be assigned a UPI
    • On-line requests for services for people at UCL
intranet file and its uses
‘Intranet File’ and its uses
  • What is it?
    • Form of automated access control to determine eligibility to access resources
  • Used
    • Group permissions for Departmental websites
    • Eligibility for access to Staff WTS
    • Eligibility for access to restricted software on Staff and Cluster WTS
    • Eligibility for access to Library eJournals
    • Departmental email lists
  • UPI data
    • UserID
    • Department Hierarchy
    • Active user (end date in the future)
  • Report updated daily
how does it work
How does it work?

UPI

(Person, Dept, End date, Role)

Directory File

(CSO)

Intranet File

UPI, Username, dept, eligibility

UPI, Person details, name, dept, tel

Active Directory

(LDAP)

UCL Web

Shibboleth

Library

WebCT/Moodle

why the changes
Why the changes?
  • Department list used for defining the group names is maintained by Human Resources.
    • In 2005, the introduction of a new HR personnel system meant that the organisation of departments underwent some significant changes which are yet to be fully reflected in the Intranet group list.
    • There has been a greater demand for access to resources by different groups of people affiliated with UCL - for example, visitors, alumni, short course students.
    • Old and new group names running in parallel for two years
  • Benefits of changes
    • Keep Intranet group access up-to-date so group names need to reflect changes in the organisation structure
    • Provide granularity to groups by reflecting different types of user who may need to be granted access portions of the Intranet.
    • Addition of roles based access such as HoD
how can we help
How can we help?
  • Find and replace .htaccess
    • Where possible the new group names will automatically be replaced with the old ones – scripted operation
    • Estimate that this will only cope with 40% of the instances
    • Will not affect departmental web servers
how to find the right group
How to find the right group
  • These links provide information on how the new Intranet groups are defined. Each group has two parts:
    • http://www.ucl.ac.uk/upi/web-users/intranet-groups/
    • List of Group Prefixes and Suffixes
    • Comparative List of Old and New Intranet Groups
  • Prefix
    • either "all" or a department code
    • all-staff
    • all-pg
  • Suffix
    • the type of user included in the group
    • ‘-vststu’ Visiting Student
    • ‘-contr’ Contractor
  • Prefixes are hierarchical - in the same way as the organisation hierarchy
    • granting access to ‘medicine-staff’ covers access to all sub-units under the Dept of Medicine.
  • The "all" prefix is used to limit access to all members of a particular type of user.
old versus new
Old versus New
  • Comparison table to help you make changes
  • Available at: http://www.ucl.ac.uk/upi/web-users/intranet-groups/old-new-groups.shtml
  • Large list!
how to use the group examples
How to use the group - examples
  • Restrict website to all Anthropology Staff, Casuals and Honoraries
    • Edit .htaccess file
    • Add
      • anthrop-staff
      • anthrop-hon
      • anthrop-cas
  • Restrict website to Language Centre students
    • Edit .htaccess file
    • Add
      • langcntr-lngstu
  • Grant all staff, casuals and honoraries access
    • Edit .htaccess file
    • Add
      • all-staff
      • all-hon
      • all-cas
  • Further information www.ucl.ac.uk/upi/webusers/
departmental email lists
Departmental Email lists
  • Lists published here:
    • http://www.ucl.ac.uk/UCL-Info/Directories/staff-lists/
  • Updated nightly, please check before using
  • Number in brackets indicates number of email addresses
  • Example:
    • staff-biochemh@ucl.ac.uk: Dept of Biochemistry & Molecular Bio (H) (12) - Hampstead
    • staff-biochem@ucl.ac.uk: Dept of Biochemistry & Molecular Biology (86)
    • ‘staff’ currently includes staff, casuals and honoraries
entitlement issues
Entitlement Issues
  • Complicated interaction between systems
  • Access determined by information held in HR, Registry and Services system
  • ‘Ownership'
    • Distributed responsibility - problems tend to be passed around
  • Lack of integration of secondary systems
  • Change control
future plans
Future Plans
  • Go live with Intranet File Summer 2007
  • Continued improvement to the system
    • Investigate access control systems
    • Develop mechanism to manage exceptions
      • Include Graduate Office staff in all-pg email list
  • Roll-out Services system to all departments – from July 2007
further information and contacts
Web services

Jeremy Speller – Head of Web Services

Neil Martin – Web Support Manager

David Gillies – Web Support Officer

John Bowlas – Web Support Officer

Web-support@ucl.ac.uk

www.ucl.ac.uk/webservices

UPI Team, Management Systems

Tim Purkiss – UPI Information Officer

Aaron To – Principal UPI Developer

Kathryn Lewis – Project Manager

Upisupport@ucl.ac.uk

Directory-corrections@ucl.ac.uk

www.ucl.ac.uk/upi

Further Information and Contacts