Tool Search: Data Access Rights
Within each zone, specific data objects are defined for exchange. These exchange objects are set through the Access Control Log (ACL) editor. Please review the Data Interchange article for more information.
This article includes the following topics:
Data Access Rights
Set Up Data Access Rights
Assigning data access rights is a two-fold process. The data access rights of the SIF and Campus agents must both be configured. In general, the Campus and SIF agents in the SIF zone will have opposite access rights to the exchanged data objects.
For example, if the SIF agent wishes to receive data related to the StudentAttendanceSummary object, it will be set to Req(uest) changes and Sub(scribe) to updates from Campus related to this object. Contrarily, the Campus agent should be set to Resp(ond) to requests and Prov(ide) updates to the SIF agent related to the StudentAttendanceSummary object.
In addition, the Campus agent can be further configured to notify the SIF agent on specific types of updates to the StudentAttendanceSummary object; that is, Add (new record created), Chng (record updated) and/or Del (record removed) actions. For more information, please see the Understanding SIF Data Access Rights section.
The Campus agent should not be set to Req(uest) or Sub(scribe) to data object updates from the SIF agent (other than the Exception Objects); likewise, the SIF agent should not be set to Prov(ide) or Resp(ond) data object updates to Campus.
Understand SIF Data Access Rights
The Campus ZIS maintains an Access Control List (ACL) that contains data access rights for each agent exchanging data in a zone. The data access rights specify how certain data objects may be exchanged.
The access rights must be setup for both agents in the zone (i.e., access rights assigned for both the Campus agent and the SIF agent) before data exchange can occur. Access rights should also be set before the SIF agent registers and sends its provision messages.
Clicking the DISDataAccess button manually adds a new dropdown field from which data objects may be selected. SIF data objects are available in the dropdown fields. The value in the parentheses following a SIF object name indicates the version in which the object was first made available.
The data rights are two-fold: they indicate the type of data exchange action (e.g., Req[uest], Resp[ond], Sub[scribe], Prov[ide]) for each data object an agent will exchange. The OK checkbox next to the action indicates that the agent is allowed to perform that action. Both the action checkbox and the OK checkbox should be flagged, as appropriate, for data exchange objects.
Data Access Rights
Checkboxes will display a tool tip, when hovered upon, reminding the user of the implications associated with flagging each checkbox.
Data Exchange Actions
Req -- (Request) Agent will send periodic request messages to fetch queued data related to the selected object.
OK -- (Request) Agent allowed to request messages for the selected object.
Sub -- (Subscribe) Agent can subscribe to all events (add, change, delete) related to the selected object as they occur.
OK – (Subscribe) Subscribe allowed for the selected object.
Res – (Respond) Agent can respond to requests for the selected object.
OK – (Respond) Respond allowed for the selected object.
Prov – (Provide) Agent can provide/publish changes for the selected object.
OK – (Provide) Provide allowed for the selected object.
Data Exchange Actions
Add – Agent can publish changes involving modification of existing records.
OK – (Add) Add publishing allowed for the selected object.
Chng – (Change) Agent can publish changes involving modification of existing records.
OK – (Change) Change publishing allowed for the selected object.
Del – (Delete) Agent can publish changes involving deletion of existing records.
OK – (Delete) Delete publishing allowed for the selected object.
Rights for the agents in the zone should be inversed; that is, if the SIF agent should request/subscribe to changes of a data object, then the Campus agents should respond/provide changes for that object.
Example
If the Campus agent should provide Campus-based changes within the StudentPersonal object to the non-Campus system, AND should also subscribe to change events to pick up student stateIDs from the non-Campus system, the following setup would occur:
Campus Agent -- Sub, Resp, Prov, Add, Chng, Del and the corresponding OK checkboxes would be flagged.
Campus Agent
SIF Agent - Req, Sub, Add, Chng, Del and the corresponding OK rights would be flagged.
SIF Agent
Assign SIF Agent Data Access Rights
The SIF Agent data access rights must be configured to specify which data object updates the third-party system will receive from Campus.
SIF Agent Data Access Rights
To configure the data access rights of the SIF agent:
- Click on the SIF agent within the SIF zone.
- Click the Add DISDataAccess button.
Select a SIF data object for which the SIF agent should be updated when changes occur in Campus.
These should be the same objects set for SIF agent when Assign Campus Agent Data Access Rights).
Check the Req(uest), Sub(scribe) and corresponding OK boxes if the SIF agent should be notified of changes to this data object from Campus.
The Campus agent must be set to Resp(ond) and Prov(ide) changes about this data object to the SIF agent.
- Click Save to record the SIF agent's access rights for this data object.
- Repeat the previous steps 1-5 for each data object about which the SIF agent should be updated.
Assign Campus Agent Data Access Rights
The Campus Agent data access rights must be configured to specify which data object updates the third-party system will receive from Campus.
Campus Agent Data Access Rights
To configure the data access rights of the Campus agent:
- Click on the Campus agent within the SIF zone.
- Click the Add DISDataAccess button.
Select a SIF data object about which the Campus agent should publish changes.
These should be the same objects set for SIF agent when Assign SIF Agent Data Access Rights).
Check the Res(pond), Prov(ide) and corresponding OK box if Campus should publish changes about the data object to the SIF agent.
The SIF agent must be set to Sub(scribe) and Req(uest) changes about these data objects.
- Click Save to record the Campus agent's access rights for this data object.
- Repeat the previous steps 1-5 for each data object for which the Campus agent should relay changes to the SIF agent.
Unauthorized SIF Agents
If the ACL/data access rights have not been configured for the SIF agent, Campus will still allow a SIF_Register message. If a SIF_Register message is received for SIF agent without a configured ACL, an agent record will be created, but the agent will not be authorized to exchange data (i.e., the agent’s Status field will display a value of “Unauthorized” on the Agent tool).
All other messages from the agent will be rejected until a user manually approves the agent by entering the necessary information, setting the data access control rights, and changing the agent’s Status field value to “Authorized.”
