From bff8fee9f25f9d0f1fd344818cf7db3e4dc3ce1c Mon Sep 17 00:00:00 2001 From: goddesswarship <103530016+goddesswarship@users.noreply.github.com> Date: Fri, 18 Oct 2024 15:30:38 -0700 Subject: [PATCH 01/11] Update index.md Silo Security page updates to reflect the changes to Wildbook roles. --- docs/security/silo-security/index.md | 15 ++++++--------- 1 file changed, 6 insertions(+), 9 deletions(-) diff --git a/docs/security/silo-security/index.md b/docs/security/silo-security/index.md index f100a40b..f48a8117 100644 --- a/docs/security/silo-security/index.md +++ b/docs/security/silo-security/index.md 
@@ -17,13 +17,10 @@ Permissions are granted at Encounter-level, meaning a user can access any **Sigh ## User Roles -* **Contributor** - users that are limited to only submit Sightings -* **Researcher** - users that can manage their own data (Sightings and Individuals) and collaborations,  match and merge individuals, and search -* **User Manager** - users that can create and edit users, and manage user collaborations -* **Exporter** - users that can export all the data they own and collaborate with -* **Administrator** - users that can manage data and configure the Codex platform they belong to -* **machinelearning** - not functional -* **rest** - not functional +* **researcher** - Users that can manage their data and that of users they have an edit collaboration with, view data of users they have a view collaboration with, export thier and collaborator data, view their data integrity checks, and match and merge individuals. +* **orgAdmin** - Users that can create and edit but not delete users within their org, manage user collaborations within their org, create other orgAdmins for their org, export data within their org, view data integrity checks within their org. Users cannot edit the data or roles of any user with the staff role, even within the same org. +* **admin** - Users that can configure the Wildbook platform they belong to and can view ecological-related data integrity checks. +* **staff** - Users that can create, delete, and edit users; create and delete orgs; manage all user data; configure the Wildbook platform they belong to; view user-related and ecological-related data integrity checks. ## Collaborations @@ -68,7 +65,7 @@ You can view an encounter if: You can edit an encounter if: -* You’re a site admin. +* You have the staff role. * You reported the Encounter. * You have a collaboration with the owner and the owner grants you edit rights. *Note that edit rights can be revoked at any time.* 
@@ -77,4 +74,4 @@ You can edit an encounter if: While the Silo Security model provides heightened security for your data, you can allow members of the public, like *citizen scientists*, to see your catalog (Encounter and Marked Individuals) by following these steps: * Create a User Account in Wildbook with *‘public*’ as a username. This User has no roles and is not intended for login. Make sure to give it a secure password. -* Extend a *view-only collaboration* to the user *‘public’*. The public user account will automatically accept the collaboration. \ No newline at end of file +* Extend a *view-only collaboration* to the user *‘public’*. The public user account will automatically accept the collaboration. From fdb167469497216908b6913fcd37a5a25043a6a0 Mon Sep 17 00:00:00 2001 From: goddesswarship <103530016+goddesswarship@users.noreply.github.com> Date: Fri, 18 Oct 2024 15:35:14 -0700 Subject: [PATCH 02/11] Update index.md --- docs/security/silo-security/index.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/docs/security/silo-security/index.md b/docs/security/silo-security/index.md index f48a8117..54ec106c 100644 --- a/docs/security/silo-security/index.md +++ b/docs/security/silo-security/index.md @@ -57,7 +57,8 @@ The person who initiates the collaboration has an assumed acceptance, so the rec You can view an encounter if: * You reported the Encounter. -* You’re a Site Admin. +* You have the staff role. +* You're an orgAdmin and the Encounter belongs to a member of your org. * You have a Collaboration with another user that allows for view access. * The Encounter was publicly submitted and not assigned to another User. 
@@ -66,6 +67,7 @@ You can view an encounter if: You can edit an encounter if: * You have the staff role. +* You're an orgAdmin and the Encounter belongs to a member of your org. * You reported the Encounter. * You have a collaboration with the owner and the owner grants you edit rights. *Note that edit rights can be revoked at any time.* From 9fb020b082996276dfa16cbc1fe21fd3aea1b024 Mon Sep 17 00:00:00 2001 From: goddesswarship <103530016+goddesswarship@users.noreply.github.com> Date: Mon, 21 Oct 2024 14:23:03 -0700 Subject: [PATCH 03/11] Update index.md Consolidated info from site-admin.md and org-admin.md for simplicity --- docs/security/silo-security/index.md | 56 ++++++++++++++++++++++++---- 1 file changed, 49 insertions(+), 7 deletions(-) diff --git a/docs/security/silo-security/index.md b/docs/security/silo-security/index.md index 54ec106c..c8fe48a8 100644 --- a/docs/security/silo-security/index.md +++ b/docs/security/silo-security/index.md @@ -3,8 +3,6 @@ ```{toctree} :hidden: -org-admin -site-admin photo-keywords data-integrity library-management 
@@ -13,14 +11,58 @@ bulk-import-logs The **Silo Security model** lets users decide who they share their data with. The users who most commonly use it are those working on academic research or at-risk species. -Permissions are granted at Encounter-level, meaning a user can access any **Sighting**, **Individual**, or **Survey** as long as they have access to the **Encounter** those belong to. +Permissions are granted at the Encounter-level, meaning a user can access any **Sighting**, **Individual**, or **Survey** as long as they have access to the **Encounter** those belong to. ## User Roles -* **researcher** - Users that can manage their data and that of users they have an edit collaboration with, view data of users they have a view collaboration with, export thier and collaborator data, view their data integrity checks, and match and merge individuals. -* **orgAdmin** - Users that can create and edit but not delete users within their org, manage user collaborations within their org, create other orgAdmins for their org, export data within their org, view data integrity checks within their org. Users cannot edit the data or roles of any user with the staff role, even within the same org. -* **admin** - Users that can configure the Wildbook platform they belong to and can view ecological-related data integrity checks. -* **staff** - Users that can create, delete, and edit users; create and delete orgs; manage all user data; configure the Wildbook platform they belong to; view user-related and ecological-related data integrity checks. +**researcher** +* Users that can manage their data and that of users they have an edit collaboration with, view data of users they have a view collaboration with, export thier and collaborator data, view their data integrity checks, and match and merge individuals. 
+ +**orgAdmin** +* Users that can create and edit but not delete users within their org, manage user collaborations within their org, create other orgAdmins for their org, export data within their org, view data integrity checks within their org. Users cannot edit the data or roles of any user with the staff role, even within the same org. + +**admin** +* Users that can view ecological-related data integrity checks and configure the Wildbook platform they belong to (such as managing [photo keywords](photo-keywords.md)). + +**staff** +* This role is intended for Wild Me organization members and is managed in the Wildbook's configuration setting (not within the platform). Staff can create, delete, and edit users; create and delete orgs; manage all user data; configure the Wildbook platform they belong to; and view user-related and ecological-related data integrity checks. + +## Managing Users + +### Adding Users + +OrgAdmins can create and add users to their organization. To get the orgAdmin role, contact a user with the *staff* or *orgAdmin* role of the organization you want to help administer. To create a new user: + +1. Go to **Administer**, then **User Management**. +2. Look for the **Create/Edit User** section. +3. Enter a *username, email, and password*. +4. Select the appropriate role based on the permission level you want the user to have. This is multi-select as the roles are not hierarchical. OrgAdmins cannot assign or remove the **admin** or **staff** role from other users. +5. Under **Organization Membership**, select your organization to add a user to it. +6. Click **Save**. + +### Deleting Users + +Only users with the **staff** role can delete another user. + +### Adding Users to your Organization + +1. Go to **Administer**, then **User Management.** +2. In the filter box, type a *username, first or last name, or other identifying information*. +3. Select a user from the user grid. +4. 
Find the **Organization Membership** field in the user’s information. +5. Select your organization to add a user to it. +6. Click **Save**. + +### Addressing Bulk Import Concerns + +As an orgAdmin, you can manage **bulk imports** for any user in your organization. + +1. Go to **Administer**, then **Bulk Import Logs**. +2. Select the desired *Bulk Import task* from the list. +3. Scroll to the bottom. You can take any of the following actions: + * **Send to detection**: Send all imported Encounters to Detection. This can only be done if all Encounters have not been sent to Detection. + * **Send to identification**: Send all imported Encounters to Detection and Identification. This can only be done if all Encounters have not been sent to Detection. + * **Delete ImportTask**: Delete the Bulk Import and the related data. This can be done at any time. ## Collaborations From f66418ab6e68c213ec94002f314142a899a8e0c9 Mon Sep 17 00:00:00 2001 From: goddesswarship <103530016+goddesswarship@users.noreply.github.com> Date: Mon, 21 Oct 2024 14:26:05 -0700 Subject: [PATCH 04/11] Update photo-keywords.md Added that photo keywords are managed by users with admin role. --- docs/security/silo-security/photo-keywords.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/security/silo-security/photo-keywords.md b/docs/security/silo-security/photo-keywords.md index c52482e9..3c752b96 100644 --- a/docs/security/silo-security/photo-keywords.md +++ b/docs/security/silo-security/photo-keywords.md @@ -1,6 +1,6 @@ # Photo Keywords -Keywords are labels displayed on all annotations associated with a media asset. +Keywords are labels displayed on all annotations associated with a media asset. They can be managed by users with the **admin** role. ## Add a new keyword 
@@ -19,4 +19,4 @@ Keywords are labels displayed on all annotations associated with a media asset. 1. Go to **Administer**, then **Photo Keywords**. 2. Using the *Keyword to rename* field, select the existing keyword you want to rename. 3. In the *New keyword description (visible to users)* field, enter your preferred keyword. -4. Click **Rename**. *(Note: All instances of the original keyword will now display as the new keyword.)* \ No newline at end of file +4. Click **Rename**. *(Note: All instances of the original keyword will now display as the new keyword.)* From 81bb1e843af7432b8d17a3edd0a39d079bfc6f2a Mon Sep 17 00:00:00 2001 From: goddesswarship <103530016+goddesswarship@users.noreply.github.com> Date: Mon, 21 Oct 2024 14:35:15 -0700 Subject: [PATCH 05/11] Update bulk-import-logs.md Delete page. Info consolidated in index.md --- docs/security/silo-security/bulk-import-logs.md | 9 --------- 1 file changed, 9 deletions(-) diff --git a/docs/security/silo-security/bulk-import-logs.md b/docs/security/silo-security/bulk-import-logs.md index 001ee508..8b137891 100644 --- a/docs/security/silo-security/bulk-import-logs.md +++ b/docs/security/silo-security/bulk-import-logs.md @@ -1,10 +1 @@ -# Bulk Import Logs -As an Org-Admin, you can manage any Bulk Import in the system. - -1. Go to **Administer**, then **Bulk Import Logs**. -2. Select the desired Bulk Import task from the list. -3. You can take any of the following actions: - 1. **Send to detection:** Send all imported Encounters to Detection. This can only be done if all Encounters have not been sent to Detection. - 2. **Send to identification:** Send all imported Encounters to Detection and Identification. This can only be done if all Encounters have not been sent to Detection. - 3. **Delete ImportTask:** Delete the Bulk Import and the related data. This can be done at any time. \ No newline at end of file From e8746ac53abfc412142d79e35e5b69ba852c861e Mon Sep 17 00:00:00 2001 
From: goddesswarship <103530016+goddesswarship@users.noreply.github.com> Date: Mon, 21 Oct 2024 14:55:11 -0700 Subject: [PATCH 06/11] Update data-integrity.md Updated Data Integrity page with new role permissions. --- docs/security/silo-security/data-integrity.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/security/silo-security/data-integrity.md b/docs/security/silo-security/data-integrity.md index b60ddb51..de261db2 100644 --- a/docs/security/silo-security/data-integrity.md +++ b/docs/security/silo-security/data-integrity.md @@ -8,15 +8,15 @@ Check your data for annotations that have been assigned to two or more different Look for duplicated annotations to clean up your data set. From here you can also see which bulk imports contributed to the duplicate annotations or if a single bulk import contained multiple duplicate annotations. -## Check Annotation iaClasses and MediaAsset States by Species (visible to admins only) +## Check Annotation iaClasses and MediaAsset States by Species (visible to staff, admins, and orgAdmins only) Look for old iaClasses on annotations and media assets that are stuck in a "pending" state. This can cause poor matching performance as they are ignored. The species list allows you to inspect the iaClass values assigned for each species as well as the detection state of media assets in the database. -## URL Access Security Checks (visible to admins only) +## URL Access Security Checks (visible to staff only) Look for URLs in Wildbook that should or should not be accessible to the public or users with certain roles. -## Wildbook Machine Learning Queue Monitoring (visible to admins only) +## Wildbook Machine Learning Queue Monitoring (visible to staff only) See a current snapshot and 24 hour historical review of the machine learning pipeline. This can help you determine if a specific user's uploads are contributing to a backlog. From 6d48e0658c6c3d3951aa93cfd5b87b68feffec85 Mon Sep 17 00:00:00 2001 
From: goddesswarship <103530016+goddesswarship@users.noreply.github.com> Date: Mon, 21 Oct 2024 14:59:01 -0700 Subject: [PATCH 07/11] Update org-admin.md Delete page because info has moved to index.md --- docs/security/silo-security/org-admin.md | 55 ------------------------ 1 file changed, 55 deletions(-) diff --git a/docs/security/silo-security/org-admin.md b/docs/security/silo-security/org-admin.md index 36afb17a..8b137891 100644 --- a/docs/security/silo-security/org-admin.md +++ b/docs/security/silo-security/org-admin.md 
@@ -1,56 +1 @@ -# Org admin -Under Silo Security, users are grouped under organizations, which typically align with real-world organizations. To ensure that organizational goals are met, Wild Me established the **Org-Admin Role**. These are platform members who will handle user management and address bulk import concerns for their organization. - -## How to apply for the Org-Admin Role - -To get the Org-Admin Role, contact either a *site admin* or an *org-admin* of the organization you want to help administer. - -## Managing Users - -### Adding Users - -As an Org-Admin, you are able to create and add users to your organization. Here’s what you need to know to create a new user: - -1. Go to **Administer**, then **User Management**. -2. Look for the **Create/Edit User** section. -3. Enter a *username, email, and password*. -4. Select the appropriate role based on the permission level you want the user to have. This is multi-select as the roles are not hierarchical. - * **orgAdmin** - users with administrative access to manage the organization. - * **Contributor** - users that access are limited to only submit Sightings - * **Researcher** - users that can manage their own data (Sightings and Individuals) and collaborations,  match and merge individuals, and search - * **User Manager** - users that can create and edit users, and manage user collaborations - * **Exporter** - users that can export all the data they own and collaborating with - * **Administrator** - users that can manage data and configure the Wildbook platform they belong to - * **Regions** - users that can see all data related to the region listed -5. Under **Organization Membership**, select your organization to add a user to it. -6. Click **Save**. - -### Deleting Users - -*Note: Make sure to remove all roles associated with the user account you want to disable and change their password. We recommend disabling over deleting a user account if their data is trusted.* - -1. 
Go to **Administer**, then **User Management**. -2. In the filter box, type a *username, first or last name, or other identifying information.* -3. Select a user from the user grid. -4. Click **Delete User** beneath the user’s information. - -## Adding Users to your Organization - -1. Go to **Administer**, then **User Management.** -2. In the filter box, type a *username, first or last name, or other identifying information*. -3. Select a user from the user grid. -4. Find the **Organization Membership** field in the user’s information. -5. Select your organization to add a user to it. -6. Click **Save**. - -## Addressing Bulk Import Concerns - -As an Org-Admin, you can manage **bulk imports** for any user in your organization. - -1. Go to **Administer**, then **Bulk Import Logs**. -2. Select the desired *Bulk Import task* from the list. -3. Scroll to the bottom. You can take any of the following actions: - * **Send to detection**: Send all imported Encounters to Detection. This can only be done if all Encounters have not been sent to Detection. - * **Send to identification**: Send all imported Encounters to Detection and Identification. This can only be done if all Encounters have not been sent to Detection. - * **Delete ImportTask**: Delete the Bulk Import and the related data. This can be done at any time. \ No newline at end of file From 307ea08af3b2e94b2340ddcfd3e8ec8227307301 Mon Sep 17 00:00:00 2001 From: goddesswarship <103530016+goddesswarship@users.noreply.github.com> Date: Mon, 21 Oct 2024 15:00:10 -0700 Subject: [PATCH 08/11] Update site-admin.md Delete page because info has moved to index.md --- docs/security/silo-security/site-admin.md | 76 ----------------------- 1 file changed, 76 deletions(-) diff --git a/docs/security/silo-security/site-admin.md b/docs/security/silo-security/site-admin.md index c3fdac76..8b137891 100644 --- a/docs/security/silo-security/site-admin.md +++ b/docs/security/silo-security/site-admin.md 
@@ -1,77 +1 @@ -# Site admin -Under Silo Security, users are grouped under organizations, which typically align with real-world organizations. To ensure that organizational goals are met, Wild Me established the **Org-Admin Role**. These are platform members who will handle user management and address bulk import concerns for their organization. - -## How to apply for the Org-Admin Role - -To get the Org-Admin Role, contact either a *site admin or Wild Me*. You can manage the following aspects of a platform by using the top navigation and selecting **Administer**. - -## Logs - -* **User access logs** provide session information that indicates a user's IP address and sign-in time. -* **Encounter submissions log** provides Encounter creation information that indicates the time when Encounters are created to provide a reference to the encounter. -* **Deleted encounters log** provides a record of Encounters that were deleted and a reference to restore the Encounter using the Library Management functionality. -* Email log provides a record of the automated emails sent from the platform including the type of email, who it was sent to, and what time it was sent. - -## User Management - -### Add Users - -As an Admin, you can create users. To create a new user: - -1. Go to **Administer**, then **User Management**. -2. Scroll to the **Create/Edit User** section. -3. Enter a *username, email, and password.* -4. Select the appropriate role based on the permission level you want the user to have. This is multi-select as the roles are not hierarchical. - * **admin**: full site access. - * **orgAdmin**: grant administrative abilities to manage the organization. - * **researcher**: grant the ability to process and manage encounters, individuals, and sightings. -5. Click **Save** to create a new user. - -### Edit Users - -1. Go to **Administer**, then **User Management**. -2. Enter a *username, first or last name, or other identifying information* in the space provided. -3. 
Select a user from the user grid. -4. Make adjustments to the user as needed. -5. Click **Save** to update the user. - -### Disable Users - -Disable users that are leaving the platform or are having their access revoked. This maintain the data integrity between encounters. - -1. Go to **Administer**, then **User Management**. -2. Select a user from the user grid. To filter the grid, type a username, first name, last name, or email address in the space provided. -3. Take the following steps: - * Remove the user's roles and organizations. - * Change the user's password. - * Shut off the email notification. - * If your platform has the terms and conditions active, click to reset the field. -4. Click **Save** to disable the user. - -### Delete Users - -Only delete test accounts or accounts that have no data. - -1. Go to **Administer**, then **User Management**. -2. Enter a *username, first or last name, or other identifying information* in the space provided. -3. Select a user from the user grid. -4. Click **Delete User** beneath the user’s information. - -## Data Integrity - -### Check for Annotations with Multiple Individual IDs - -Coming soon. - -## Check Annotation iaClasses and MediaAsset States by Species - -Coming soon. - -## Find Annotations Duplicated in Two or More Encounters - -Coming soon. - -## URL Access Security Checks - -Coming soon. From 627d57e26909db7da04b6825dcae676a6bdf38e8 Mon Sep 17 00:00:00 2001 From: goddesswarship <103530016+goddesswarship@users.noreply.github.com> Date: Mon, 21 Oct 2024 15:26:49 -0700 Subject: [PATCH 09/11] Update index.md --- docs/security/silo-security/index.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/docs/security/silo-security/index.md b/docs/security/silo-security/index.md index c8fe48a8..f45bd9a0 100644 --- a/docs/security/silo-security/index.md +++ b/docs/security/silo-security/index.md 
@@ -11,21 +11,21 @@ bulk-import-logs The **Silo Security model** lets users decide who they share their data with. The users who most commonly use it are those working on academic research or at-risk species. -Permissions are granted at the Encounter-level, meaning a user can access any **Sighting**, **Individual**, or **Survey** as long as they have access to the **Encounter** those belong to. +Permissions are granted at the Encounter level, meaning a user can access any **Sighting**, **Individual**, or **Survey** as long as they have access to the **Encounter** those belong to. ## User Roles **researcher** -* Users that can manage their data and that of users they have an edit collaboration with, view data of users they have a view collaboration with, export thier and collaborator data, view their data integrity checks, and match and merge individuals. +* Users that can manage their data and that of users they have an edit collaboration with, view data of users they have a view collaboration with, export their data and that of users they have a collaboration with, view their data integrity checks, and match and merge individuals. **orgAdmin** -* Users that can create and edit but not delete users within their org, manage user collaborations within their org, create other orgAdmins for their org, export data within their org, view data integrity checks within their org. Users cannot edit the data or roles of any user with the staff role, even within the same org. +* Users that can create and edit users within their org, manage user collaborations within their org, create other orgAdmins for their org, export data within their org, view data integrity checks within their org. OrgAdmins cannot edit the data or roles of any user with the **staff** or **admin** role, even within the same org. 
**admin** * Users that can view ecological-related data integrity checks and configure the Wildbook platform they belong to (such as managing [photo keywords](photo-keywords.md)). **staff** -* This role is intended for Wild Me organization members and is managed in the Wildbook's configuration setting (not within the platform). Staff can create, delete, and edit users; create and delete orgs; manage all user data; configure the Wildbook platform they belong to; and view user-related and ecological-related data integrity checks. +* This role is intended for Conservation X Labs organization members and is managed in the Wildbook's configuration setting (not within the platform). Staff can create, delete, and edit users; create and delete orgs; manage all user data; configure the Wildbook platform they belong to; and view user-related and ecological-related data integrity checks. ## Managing Users @@ -55,7 +55,7 @@ Only users with the **staff** role can delete another user. ### Addressing Bulk Import Concerns -As an orgAdmin, you can manage **bulk imports** for any user in your organization. +OrgAdmins can manage **bulk imports** for any user in their organization. 1. Go to **Administer**, then **Bulk Import Logs**. 2. Select the desired *Bulk Import task* from the list. From 7aca7f51a3f0fb8d46f589b2d566a747f8a825e2 Mon Sep 17 00:00:00 2001 From: goddesswarship <103530016+goddesswarship@users.noreply.github.com> Date: Mon, 21 Oct 2024 15:40:27 -0700 Subject: [PATCH 10/11] Update Security/index.md - Remove location-based role information. - Simplify language for readbility. --- docs/security/index.md | 26 +++++++------------------- 1 file changed, 7 insertions(+), 19 deletions(-) diff --git a/docs/security/index.md b/docs/security/index.md index a1d31456..d654fe04 100644 --- a/docs/security/index.md +++ b/docs/security/index.md 
@@ -7,30 +7,18 @@ my-account silo-security/index ``` -Wildbook provides broad flexibility in securing **data ownership** and **visibility**. For example, a Wildbook could be completely secured to only ever be accessible to a User who has logged in, blocking any public visibility of data. In another configuration, Wildbook can be a very visible repository of global data (see the [Sharks Wildbook](https://www.sharkbook.ai) for an example) but only allow for data curation by authenticated and pre-approved researchers and volunteers. And there are many possible configurations in between. Check with the Administrator of your Wildbook(s) for more information about the security model followed. +Wildbook provides flexibility in securing **data ownership** and **visibility**. For example, a Wildbook could be completely secured to only ever be accessible to a user who has logged in, blocking any public visibility of data. In another configuration, Wildbook can be a very visible repository of global data (see [Sharkbook](https://www.sharkbook.ai)) but only allow for data curation by pre-approved users. -## General Security Models +### Silo Security Model -Wildbooks generally follow **two security models**. +[Silo Security](silo-security/index.md) provides a secure sandbox for individual users to enter and curate their data. -### Silo Security - -[Silo Security](silo-security/index.md) provides a secure sandbox for individual Users to enter and curate their data. Here is a quick summary: - -* Your User data is visible only to you. -* You can share data visibility and data curation with other, specific Users in Wildbook via pairwise Collaborations, which must be reciprocally approved at the "view-only" and "edit" levels, respectively. -* Other users can potentially match individual animals from your catalog but must have a Collaboration with you to set the match ID and affect your catalog. 
-* Other users attempting to view your data will be blocked from reviewing your Encounters and Marked Individuals and be prompted to extend you an invitation for a Collaboration. Invitations and acceptances can be sent inside Wildbook. +* Your user data is visible only to you. +* You can share data specific users in Wildbook via [Collaborations](../security/silo-security/index.md#Collaborations), which must be reciprocally approved at the "view-only" and "edit" level. +* Users can match individual animals from your catalog but must have an edit Collaboration with you to set the match ID and affect your catalog. +* Users attempting to view your data will be blocked from seeing your Encounters and Marked Individuals and be prompted to send you a Collaboration request. Examples of Silo Security-based Wildbooks include: * [Flukebook](https://www.flukebook.org) * [African Carnivore Wildbook](https://africancarnivore.wildbook.org) - -### Location-based Role Security - -Location-based Role Security pairs User Roles in Wildbook with specific study sites around the globe, as reflected in the **Encounter.locationID** data field. For example, a User with the "Mozambique" role assigned to their User Account can edit data assigned to Encounters with the the **locationID** (a.k.a "study site") named "Mozambique". In this mode, all researchers within a catalog can view all data, but only Users with the correct location role can curate a particular Encounter. This model creates effective groups of collaborators in a geographic location while providing global visibility to the broader research community. -Examples of Location-based Role Security Wildbooks include: - -* [Sharkbook](https://www.sharkbook.ai) -* [MantaMatcher](https://www.mantamatcher.org) \ No newline at end of file From 154e74f76f96d60112c53c264538d2f72beaed26 Mon Sep 17 00:00:00 2001 
From: goddesswarship <103530016+goddesswarship@users.noreply.github.com> Date: Mon, 21 Oct 2024 15:55:10 -0700 Subject: [PATCH 11/11] Update to Introduction/security-overview.md Reduced information to a summary since this content was otherwise a duplicate of the Security Overview page --- docs/introduction/security-overview.md | 37 ++------------------------ 1 file changed, 2 insertions(+), 35 deletions(-) diff --git a/docs/introduction/security-overview.md b/docs/introduction/security-overview.md index 3a577d8f..3fad735b 100644 --- a/docs/introduction/security-overview.md +++ b/docs/introduction/security-overview.md 
@@ -1,38 +1,5 @@ # Security Overview -Wildbook provides broad flexibility in **securing data ownership** and **visibility**. For example, a Wildbook could be completely secured to only ever be accessible to a User who has logged in, blocking any public visibility of data. +Wildbook provides flexibility in **securing data ownership** and **visibility**. For example, a Wildbook could be completely secured to only ever be accessible to a user who has logged in, blocking any public visibility of data. In another configuration, Wildbook can be a very visible repository of global data (see [Sharkbook](https://www.sharkbook.ai/)) but only allow for data curation by pre-approved users. -In another configuration, Wildbook can be a very visible repository of global data (see the [sharkbook.ai formerly Wildbook for Whalesharks ](https://www.whaleshark.org/) for an example) but only allow for data curation by authenticated and pre-approved researchers and volunteers. And there are many possible configurations in between. - -Check with the Administrator of your Wildbook(s) for more information about the security model followed. - -## General Security Models - -Wildbooks generally follow **two security models**. - -### Silo Security - -**Silo Security** provides a secure sandbox for individual Users to enter and curate their data. Here is a quick summary: - -* Your User data is visible only to you. -* You can share data visibility and data curation with other, specific Users in Wildbook via pairwise Collaborations, which must be reciprocally approved at the "view-only" and "edit" levels, respectively. -* Other users can potentially match individual animals from your catalog but must have a Collaboration with you to set the match ID and affect your catalog. -* Other Users attempting to view your data will be blocked from reviewing your Encounters and Marked Individuals and be prompted to extend you an invitation for a Collaboration. 
Invitations and acceptances can sent inside Wildbook. - -[For more information about Silo Security, click here.](../security/silo-security/index.md) - -Examples of Silo Security-based Wildbooks include: - -* [Flukebook](https://www.flukebook.org) -* [African Carnivore Wildbook](https://africancarnivore.wildbook.org) - -### Location-based Role Security - -**Location-based Role Security** pairs User Roles in Wildbook with specific study sites around the globe, as reflected in the **Encounter.locationID** data field. For example, a User with the "Mozambique" role assigned to their User Account can edit data assigned to Encounters with the the **locationID** (a.k.a "study site") named "Mozambique". - -In this mode, all researchers within a catalog can view all data, but only Users with the correct location role can curate a particular Encounter. This model creates effective groups of collaborators in a geographic location while providing global visibility to the broader research community. - -Examples of Location-based Role Security Wildbooks include: - -* [sharkbook.ai formerly Wildbook for Whalesharks](https://www.whaleshark.org/) -* [MantaMatcher](https://www.mantamatcher.org) \ No newline at end of file +To learn more, see [Silo Security](../security/silo-security/index.md).
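Review bot: In PATCH 02/11, the orgAdmin bullet added to both the "You can view an encounter if" and "You can edit an encounter if" lists (`You're an orgAdmin and the Encounter belongs to a member of your org.`) has no exception for staff-owned data, while the orgAdmin role description from PATCH 01/11 says they "cannot edit the data or roles of any user with the staff role, even within the same org" (widened to the staff or admin role in PATCH 09/11). Suggest adding that exception to the edit bullet, and stating whether it also applies to viewing, so the access rules and the role description agree.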
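Review bot: In PATCH 03/11, under "Addressing Bulk Import Concerns", the **Send to detection** and **Send to identification** actions carry the identical precondition `This can only be done if all Encounters have not been sent to Detection.`, and that wording can be read either as "none have been sent" or as "not all have been sent". Suggest confirming that the identification action really depends on the detection state and rewording both bullets to say which reading is meant.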
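Review bot: In PATCH 04/11 the added sentence `They can be managed by users with the **admin** role.` names only admin, while the staff description added to index.md in PATCH 03/11 says staff can also "configure the Wildbook platform they belong to". Suggest stating whether staff can manage photo keywords as well, so the two pages give the same answer.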
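Review bot: PATCH 05/11, 07/11 and 08/11 reduce bulk-import-logs.md, org-admin.md and site-admin.md to a single remaining line (`@@ -1,10 +1 @@`, `@@ -1,56 +1 @@`, `@@ -1,77 +1 @@`, all ending at blob 8b137891) instead of deleting the files, although each commit message says the page is deleted. PATCH 03/11 removes `org-admin` and `site-admin` from the toctree, but the `@@` context of its next hunk and of PATCH 09/11 still shows `bulk-import-logs`, so that entry appears to remain and would point at an empty page. Suggest removing the three files outright and dropping `bulk-import-logs` from the toctree in the same commit.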
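Review bot: In PATCH 06/11 the new heading labels ("visible to staff, admins, and orgAdmins only", "visible to staff only") do not use the categories that index.md uses for the same permissions, where admin views "ecological-related" checks, staff views "user-related and ecological-related" checks, and orgAdmin and researcher view checks for their org or their own data. Suggest saying in data-integrity.md which checks count as user-related and which as ecological-related, so a reader can map each check to a role from either page.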
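Review bot: PATCH 08/11 removes the "Disable Users" procedure (remove the user's roles and organizations, change the password, shut off the email notification), the "Edit Users" steps and the "Logs" descriptions from site-admin.md, and PATCH 07/11 removes the note recommending disabling over deleting an account whose data is trusted, but the "Managing Users" section added to index.md in PATCH 03/11 carries over only Adding Users, Deleting Users, Adding Users to your Organization and bulk imports. If revoking access without deleting data is still the supported off-boarding path, suggest moving the disable steps and the log descriptions into index.md, with the role that can perform each, rather than dropping them.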
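Review bot: In PATCH 10/11 the added bullet `You can share data specific users in Wildbook via ...` is missing "with" after "data", and its link target `../security/silo-security/index.md#Collaborations` climbs out of docs/security and back in, while the same hunk links to `silo-security/index.md` a few lines earlier. Suggest "share data with specific users" and the shorter relative path, and checking that the `#Collaborations` anchor resolves in the built docs. The hunk also removes `## General Security Models` and adds `### Silo Security Model`, which leaves the level-3 heading without the level-2 heading it sat under; consider making it `##`.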