Manage Access Control Based on Stewardship Responsibilities
Blindata’s stewardship module offers responsibilities-based access control to restrict access to resources based on user roles. Access control configurations can be modified by users with the STEWARDSHIP_ADMIN permission. This permission not only includes administrative functions but also allows defining access policies for specific resource types based on user roles.
The model ensures that only users with assigned responsibilities for a resource type can perform actions on it. If a user does not have any assigned responsibilities, they can still view resource details but cannot perform any actions.
How to configure Stewardship ACL
Access control lists (ACLs) can be configured from the main roles page by clicking the gear icon next to the page title. This opens a modal where users can enable or disable ACL features for specific resource types.
When creating a role, users can specify the resources to which the role applies and whether users with that role can modify, create, or delete those resource types. If the “Can write” option is enabled, users with the role can modify the chosen resource type; otherwise, they can only view it without modification rights.
Enabling the ACL feature ensures that even users with permission to edit a resource cannot alter it unless they have an assigned responsibility. For example, if the ACL is enabled for data categories (concepts) and a user has all permissions but no responsibility defined for a data category (concept), actions such as “Delete” and “Modify” are automatically hidden until a responsibility is assigned to the user for that resource.
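The following sketch models the decision described above so the interaction between permissions, the per-type ACL switch, responsibilities and the "Can write" option can be checked case by case. It is an added example, not Blindata code: the class names, resource type labels, users and the assumption that the ordinary edit permission remains a prerequisite are all illustrative.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Role:
    name: str
    resource_types: frozenset  # resource types the role applies to
    can_write: bool            # the role's "Can write" option

@dataclass(frozen=True)
class Responsibility:
    user: str
    role: Role
    resource_id: str           # the specific resource the user is responsible for

def can_write(user, resource_id, resource_type, edit_permissions,
              acl_enabled_types, responsibilities):
    """True if `user` may modify or delete the resource under this model."""
    # Assumption: the ordinary edit permission is always required.
    if resource_type not in edit_permissions.get(user, set()):
        return False
    # ACL disabled for this resource type: the permission alone decides.
    if resource_type not in acl_enabled_types:
        return True
    # ACL enabled: require a responsibility on this resource, held through a
    # role that covers the resource type and has "Can write" enabled.
    return any(
        r.user == user and r.resource_id == resource_id
        and resource_type in r.role.resource_types and r.role.can_write
        for r in responsibilities
    )

# Constructed sample data (type labels and names are illustrative only).
OWNER = Role("owner", frozenset({"data_category"}), can_write=True)
READER = Role("reader", frozenset({"data_category"}), can_write=False)
EDIT_PERMISSIONS = {"alice": {"data_category", "system"}, "bob": {"data_category"}}
ACL_ENABLED = {"data_category"}
RESPONSIBILITIES = [
    Responsibility("alice", OWNER, "customer"),
    Responsibility("bob", READER, "customer"),
    Responsibility("carol", OWNER, "customer"),  # carol has no edit permission
]

def check(user, resource_id, resource_type):
    return can_write(user, resource_id, resource_type,
                     EDIT_PERMISSIONS, ACL_ENABLED, RESPONSIBILITIES)

if __name__ == "__main__":
    for case in [("alice", "customer", "data_category"), ("alice", "invoice", "data_category"),
                 ("bob", "customer", "data_category"), ("alice", "crm", "system")]:
        print(case, check(*case))
```

The second case is the one to watch when enabling the ACL for a resource type: a user who could edit every data category beforehand loses write actions on each one where no responsibility has been assigned.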
Responsibilities-based access control in Blindata provides granular control over resource access, ensuring that only authorized users with assigned responsibilities can perform actions on specific resources.