Articles in this section

ARTS - Access Control Lists

Avatar
Jon Finke
  • Updated
Follow

Overview

Along with recording who attends an event, we can also set up access control lists to control who is "admitted" or "rejected" from an event.  The ACLs will drive what what text stanza is displayed. When an event is first created, it has no ACLs and anyone who badges in is accepted and the "Accepted" text stanza is displayed.

Details

The ACLs consist of an ordered list of tests.  These tests (ACLs) are evaluated until there is a match. If no ACLs match, then the session is rejected and the "Rejected" text stanza will be displayed. The first step of creating an ACL is to select the type of ACL.  This will make options specific to that ACL type appear on the page, as well as attributes available for all ACLs. The following types of ACLs are supported:

  • In Group - The attendee is checked for membership in the selected group.  You can now provide a list of groups, and each one will be checked for membership. The list of groups includes the following types of groups.
    • Groups owned by the department that owns the event.
    • Groups that have been specifically shared via the "Coas-Orgn readers" control in the group tool. 
    • Public groups
  • Not In Group - The attendee is checks that they are NOT a member of a specific group.  This can be handy for cases where a person needs to match several checks before being accepted. as with Groups, a list of groups can be used.  The same groups are available as for the previous ACL.
  • Status - Matches any attendee with the specific people status type.  NB: This is a rather obscure selection, and the appropriate selection has not yet been defined. This may be added if there appears to be some demand for this option.
  • People Aux Status Stream/Field = Y - Many parts of the IdM world rely on People Aux Status Stream/Field combinations.  These are created and maintained via the IdM Configuration tool. It allows you to select a number of people status values and group them together.  Access to this tool is typically restricted to DotCIO staffers in the IdM group.
  • People Aux Status Stream/Field = {VALUE}.  While most Stream/Field combinations are booleans,  some provide a character value instead.  This is a variation of the previous ACL (which assumes the {VALUE} is "Y".)
  • Matches Anyone - Exactly as this sounds, this ACL will match anyone.  This may be useful where prior ACLs are setting other text stanzas.
  • External - External ACLs rely on a custom PL/SQL function that can provide an arbitrary decision that is otherwise not supported.  These must be set up by DotCIO.  Each external function is owned by a specific department.
  • In Master Group - Master Groups, or groups of group are used for some special applications.  This returns true if the attendee is a member of one of the groups.  These are used for Time Slots for scheduling, and some "select one of..." tools such as Campus Location (On Campus, Intermittent, Remote). 
  • Not In Master Group - This matches if the person is NOT in one (or more) of the groups.  This can be used by some applications that want to prompt if the attendee still needs to make a selection.
  • Has Current Time Slot - Used in conjunction with the Time Slot Selection tools, this returns true if the person is in a time slot group for the current date and time.  There are also fudge factors to allow people to arrive early or late. Along with checking if the person arrived with in the slot time (plus or minus the fudge factors), it can accept or reject as appropriate.
  • Ok - Covid Compliance -  Access to this ACL is restricted to specific departments. (Note - this ACL type is deprecated)
  • DIAL - Symptoms Ok - Person is in full compliance with COVID protocols, is current with required testing and has reported symptoms via DIAL and is healthy.  The ACL Description will be set to indicated if DIAL is needed or if they are not in compliance. This is the best ACL to use to ensure people are in current compliance for entry.
  • DIAL/Symptom check status - also under development, although this ACL is being used as part of the COVID-19 testing "pre-test" check in process.  It is a complex ACL that allows you to specify the stanza, as well as the "ACL Description" returned to the display or even ignore the case entirely (continue ACL checking). The following cases are processed in this order (if you ignore a case, the ACL will exit if that case is matched). While individual event uses cases will vary, typically in case 1 and 4 (No DIAL symptom check that day), the attendee is instructed to leave and to return once they have completed their DIAL/Symptom check.  In case 7 (No Symptoms), they are allowed in and in all other cases are refused entrance.
        • No DIAL entry - they have NEVER reported symptoms via the DIAL tool.
        • In Quarantine - the attendee is currently in quarantine
        • In Isolation - the attendee is currently in isolation
        • They have not reported Symptoms via DIAL today (people may be rejected and told to complete symptom check and return)
        • The attendee reported a positive COVID test via the DIAL tool.
        • The Attendee reported an exposure to COVID via the DIAL tool.
        • The attendee reported no symptoms via the DIAL tool today
        • The attendee reported one or more COVID symptoms via the DIAL tool today.

Along with the ACL type, each ACL has the following attributes

  • Ignore - when set to yes, this ACL will be ignored.  This makes it simple to set up ACLs and not use them right away or to allow temporary access for testing,
  • Only On - Allows you to select which days this ACL is applied.  
  • Name - A name for the ACL to be included in displays and lists,
  • Rank - a numeric ranking used to order ACLs from lowest to highest for execution.
  • External Entry Type - a shortcut to identify specific status types for short term guests
  • Start Time - An alternate start time for this ACL that does not match the start time of the event. Typically only used for very complex events.
  • End Time - An alternate end time for this ACL.
  • Text Type - The text stanza type to be displayed when this ACL is matched.  This can be used to provide alternate text values, such as for VIP attendees.
  • Allowed - Typically based on the text type, helps direct processing and is logged in the event logged.  Usually Y or N.
  • No Capacity Check - Tells the ACL to ignore capacity checks for this event if enabled. This has not been heavily tested, it should be tested before using it.
  • No Re-Entry check - tells the ACL to ignore the "re-entry" check for the event.  Not heavily tested
  • Description - A text stanza that is passed back to the Text Stanza routines - this can contain ACL specific text, CSS and other information.  This often allows for a generic text stanza, with all of the customization to be kept in the ACL.
  • Comments - Just comments for the developers - this is only visible to editing the ACLs.

Along with use directly in ARTS events, ACLs are sometimes used for other applications such as the DIAL tool to provide a more responsive and flexible control interface.

References/Links

None at this time

Last Reviewed: 07-Feb-2021

Related articles

Comments

0 comments

Article is closed for comments.