Manage Access Control Based on Stewardship Responsibilities
Blindata’s stewardship module enforces responsibilities-based access control, ensuring that only authorized users with assigned responsibilities can modify specific resources. Access control settings can be managed by users with the STEWARDSHIP_ADMIN permission, which grants administrative privileges and the ability to define access policies for different resource types based on user roles.
This model ensures that users can only take action on resources for which they have explicit responsibilities. Users without assigned responsibilities may still view resource details but cannot modify or manage them, providing a structured and secure approach to access control.
How to Configure Stewardship ACL
Access control lists (ACLs) can be configured from the main roles page by clicking the gear icon next to the page title. This opens a modal where users can enable or disable ACL features for specific resource types.
When creating a role, users can specify the resources to which the role applies and whether users with that role can modify, create, or delete those resource types. If the “Can write” option is enabled, users with the role can modify the chosen resource type; otherwise, they can only view it without modification rights.
Enabling the ACL feature ensures that even users with permission to edit a resource cannot alter it unless they have an assigned responsibility. For example, if the ACL is enabled for data categories (concepts) and a user has all permissions but no responsibility defined for a data category (concept), actions such as “Delete” and “Modify” are automatically hidden until a responsibility is assigned to the user for that resource.
ACL Configuration for Specific Modules
| Entity Type | ACL Configuration |
|---|---|
| Business Glossary | ACL must be enabled on concepts. Responsibilities can be assigned at the namespace level or directly on a concept. Responsibilities at the namespace level are inherited by child objects, including concepts, predicates, and attributes. |
| Data Products | Responsibilities can be assigned at the domain level. Responsibilities granted on a domain are inherited by all products within that domain, ensuring domain-level access automatically extends to its data products. |
| Data Catalog | Assigning responsibilities on physical entities restricts modifications to authorized users. If a user lacks assigned responsibilities, they cannot modify the entity or any of its fields. |
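The decision rule described in the configuration section and the inheritance rules in the table above combine into one authorization check: a role must cover the resource type, the role must have "Can write", and, when the ACL is enabled for that type, the user must hold a responsibility on the resource itself or on an ancestor (namespace, domain, or physical entity). The following is an added, self-contained Python model of those rules; it is not Blindata's code or API, and the class names, the `acl_enabled` dictionary, the `parent` links and all sample users and resources are assumptions constructed for illustration.

```python
"""Toy model of responsibility-based ACL (constructed example, not Blindata code)."""
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Resource:
    """A governed object. `parent` models the inheritance paths in the docs:
    namespace -> concept/predicate/attribute, domain -> product,
    physical entity -> field."""
    type: str
    id: str
    parent: Optional["Resource"] = None


@dataclass(frozen=True)
class Role:
    """Assumed shape of a role: the resource types it covers and the 'Can write' flag."""
    resource_types: frozenset
    can_write: bool


@dataclass
class User:
    name: str
    roles: list
    responsibilities: set  # (type, id) pairs the user is explicitly responsible for


def has_responsibility(user: User, resource: Resource) -> bool:
    """True if the user holds a responsibility on the resource or on any ancestor,
    because responsibilities on a namespace/domain/entity are inherited downward."""
    node = resource
    while node is not None:
        if (node.type, node.id) in user.responsibilities:
            return True
        node = node.parent
    return False


def allowed_actions(user: User, resource: Resource, acl_enabled: dict) -> set:
    """Return the set of actions the UI would expose for this user on this resource.
    `acl_enabled` maps a resource type to whether the stewardship ACL is switched on."""
    applicable = [r for r in user.roles if resource.type in r.resource_types]
    if not applicable:
        return set()                      # no role covers this type: nothing visible
    actions = {"view"}                    # viewing never requires a responsibility
    if not any(r.can_write for r in applicable):
        return actions                    # role lacks "Can write": read-only
    if acl_enabled.get(resource.type, False) and not has_responsibility(user, resource):
        return actions                    # ACL on and no responsibility: Modify/Delete hidden
    actions.update({"modify", "delete"})
    return actions


# --- constructed sample data (hypothetical names, not from any real tenant) ---
ACL = {"concept": True, "product": True, "physical_entity": True, "field": True}

NS_FINANCE = Resource("namespace", "finance")
REVENUE = Resource("concept", "revenue", parent=NS_FINANCE)
CHURN = Resource("concept", "churn", parent=Resource("namespace", "marketing"))
ORDERS_TABLE = Resource("physical_entity", "dwh.orders")
ORDERS_AMOUNT = Resource("field", "amount", parent=ORDERS_TABLE)

WRITER = Role(frozenset({"concept", "physical_entity", "field"}), can_write=True)
READER = Role(frozenset({"concept"}), can_write=False)

# Steward: write role plus responsibilities on the finance namespace and one table.
steward = User("ada", [WRITER], {("namespace", "finance"), ("physical_entity", "dwh.orders")})
# Editor with full write permission but no responsibilities at all.
editor_no_resp = User("bob", [WRITER], set())
# Viewer: read-only role even though a responsibility is assigned.
viewer = User("cai", [READER], {("namespace", "finance")})

if __name__ == "__main__":
    for who in (steward, editor_no_resp, viewer):
        for res in (REVENUE, CHURN, ORDERS_AMOUNT):
            print(f"{who.name:>4} on {res.type}:{res.id:<12} -> "
                  f"{sorted(allowed_actions(who, res, ACL))}")
```

Running the script shows the three cases the documentation describes: the steward inherits modify/delete on `revenue` from the `finance` namespace and on the `amount` field from its physical entity, but only sees `churn`; the editor without responsibilities is reduced to view-only wherever the ACL is enabled, and regains modify/delete only if the ACL for that type is switched off; the read-only role never gains write actions regardless of responsibilities.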