Security and access controls

Security and access controls

Access controls are one of the most important aspects of Elgg. This feature allows you to control exactly who has access to your content.

When you create any item of content in Elgg - be it a profile item, file upload, weblog post, etc - it has an access level associated with it. By default, the available options are:

• Public - anyone can see your item
• Logged in users - only logged in members of the system can see your item
• Private - only you can see your item

When you join a community, it will be added to these options. Thereafter, when you create or edit content, you can restrict it only to members of that community. Note that doing so does not automatically place that object in the community.

Security and you

Security can only be as tight as users let it be. If you have content that you don't want other people to see, it is your responsibility to ensure that you set the access control appropriately. Do not assume that the default setting is the one you want – the default setting is "logged in users" for blogs and "private" for wikis.

Creating and maintaining custom access controls

You can easily create new access controls containing exactly the people you want to see items of content; you can create a custom group that only you see.

1. Make sure you have marked the people within the intended group as friends. For information about how to do this, see the Network overview.
2. Click on the Network menu item on the main toolbar.
3. Click on the access controls submenu item.
4. Halfway down the page, you will see a Create a new group form. This is just an easy-to-remember name for your new access control. Type it the name and click Create.
5. You've created a new access control - but it's empty. You'll see your access control represented on the screen with two lists of people; the one on the left is all your friends who aren't in the access control, and the one on the right is members of the access control.
6. Select the access control members on the left (you may need to hold down the Ctrl key as you click), and then click Add selected to group. You can either do this all at once or one at a time.
7. Click on Blog, Pages or Files and add some content to the system. You'll see that under the access controls pull-down menu, Steering committee (or your access control's name) has been added as an option. From now on, whenever you select that access control, only the members of the group will be able to see that content.

If you want to delete users from an access control group:

1. Click back to the access controls submenu item under Network.
2. Find the access control you want to edit, and highlight the people you want to remove from the list on the right.
3. Click remove selected from group.

To remove a group, just click Delete this group next to the access control's name.

You can have as many access controls as you wish, each with as many or as few people as you wish.

How secure is SciSpace.net really?

The answer may come down to the fact that the underlying technology is, like many players in this space, released as open source, with some of the tools being developed by unpaid enthusiasts. No one can guarantee that SciSpace.net is 100% secure, like any other software system.

Because we have no guarantees about security, we aim to be vigilent in checking security regularly. The SciSpace team is looking for information leaks from a variety of sources, and we set up a number of tests of different scenarios. We are also in contact with some of the developers to discuss issues of security. 

Adapated from Elgg documentation

iframe, 15-Oct-2007 14:32 (GMT)