Kavi® Members Help

Chapter 11. Access

Interlocking Security Features

Kavi Members has many interlocking security features that provide fine-grained control over user access to your organization's website. It begins with control over the membership application and user signup processes, subsequent assignment of types and roles that grant access permissions, then activation, user authentication and login. Finally, pages and page elements are displayed (or not displayed) depending on the user's roles and access privileges. These topics are introduced in preceding sections of the help—this is the document that brings them all together.

This document assumes you are familiar with concepts that have already been introduced in the help, particularly Roles, Types and Status, Activation and Deletion. You may also be interested in previewing membership Concepts documents, such as Member and Company Representative Signup and Membership Workflow.

If your organization has Kavi Membership, you may also want to read Membership, Membership Workflow and Setting Up Membership Types.

Back to top

Built-In Access Areas

Although it is possible to create any number of different access areas on a Kavi-supported Web site, there are basic access levels intrinsic to Kavi Members tools that apply to all sites. These include Public Tools (available to unauthenticated and other users), Members Tools (tools available to authenticated users), Admin Tools and Super Admin Tools.

Figure 11.1. Schema of Main Access Areas

Graphic showing the four main access
	    areas, with Public as the lowest level, followed by
	    Members, Admin and Super Admin as the
	    highest. Company Admin Area is shown as a subsection of the Members
	  Area, and Report Admin is shown as a subsection of the
	    Admin Area.

This shows the four main access areas. The Public level is lowest. There are no access controls imposed for this area, so it is accessible by everyone.

The Members Area can only be accessed by authenticated users who have the 'member' role in their role cache. This level includes a Company Admin area that provides tools and access to a specific company's data that is controlled by the 'company_admin' role.

The Admin Area is available only to Organization Admins and other users with the 'org_admin' or 'super_admin' role. Users with 'company_admin' do not have access to these tools, as these tools provide access to all data records. A separate Report Admin area at the Admin level is controlled by the 'report_admin' role. The 'report_admin' role doesn't grant access to other Admin tools, but the 'org_admin' role grants access to both the Admin and Report areas.

The Super Admin Area is the highest access level. Lower-level roles don't provide access to this level, but the 'super_admin' role provides access to all administrative levels (except Company Admin) and all data records in the Kavi Members database.

Back to top

The Big Picture

Gated Acquisition of Login Privileges

Image of a gate, representing
	    gated acquisition of login privileges.

Signup processes gate user acquisition of login privileges. New companies or users can only acquire login privileges by successful completion of controlled processes such as membership application and company representative signup. Some organizations accept new member applications through online forms while other organizations use an invitation-only process. Once a company has been granted membership, users who belong to that company will be allowed to signup as representatives. There are several ways control can be interjected into these processes, including restrictions imposed through Web forms, billing and moderator approval.

Online membership applications may include click-through forms used to indicate agreement with terms and conditions. A moderation step provides opportunities for hardcopy prerequisites such as signed IPR agreements to be delivered and subjected to a legal review and approval before membership is granted.

Prospective member company representatives may be required to provide a company-issued email address as their primary email address by enforcing accepted domains, and may be matched with their company based on this address. To give the company control over who represents it to the organization, the company's Primary Contact or Company Admin may be allowed to add new representatives directly.

Individuals who belong to staff companies or work directly for the organization aren't allowed to signup online, since these companies may be assigned types that confer privileged roles from the Admin and Editor categories. Instead, administrators and staff must be manually added by other administrators.

Assigning Types to Confer Roles and Access

Control features in a series: the gate plus a keyring
	    (keys represent roles) labeled "Type."

As a company or user is added to the Kavi Members database, they are assigned one or more types to classify them according to their relationship to the organization. These types confer whatever roles are needed to grant the level of site access required by that type.

Roles that confer access to the Members level may be conferred through types assigned through membership or through types assigned to staff or administrators, rather than members and member company representatives.

When a member company representative is signed up as a Primary Contact, Company Administrator or Company Editor, they are automatically assigned a corresponding type that confers the administrative or editorial role with the permissions they need to manage company data or edit company-maintained content on the site.

Types designed for organization staff and administrators are manually assigned by other administrators who already hold the same (or higher) level of privileges.

The Status Switch

Graphical image of the gate, keyring and
	  switch set to "on."

Even if a company or user exists in the database and has been assigned a type that confers roles, they won't be able to access the site unless their status is 'active'. When set to 'inactive', the Status setting overrides and disables login privileges granted through roles.

For example, a new user is added to the Kavi Members database as soon as their membership application is approved, even though the membership term hasn't started. User Types assigned through membership are added automatically at the same time. But this user shouldn't appear in Members rosters or be able to login to the site to exercise membership privileges until the membership becomes current. Since this membership is in a pending state when the individual is added, their status is set to 'inactive'. When the membership goes current, this individual's status will be automatically reset to 'active'.

Administrators can reset Status manually to toggle user access and visibility (whether the user appears in rosters, etc.) off and on, although setting a user to 'active' won't restore access if the user's types and roles have been revoked. This feature can be used to temporarily revoke access for a company or user who has temporarily lost their standing in the organization because of lapsed membership, uncertainty about whether a user is still at the member company they signed up to represent, etc.

Authentication and Login

Graphical image of the gate, keyring,
	    switch and stamp of authentication.

Once a user is added to the Kavi Members database, assigned types that grant roles and access and activated, an email with a login link is sent to the user's primary email address. The user clicks this link to access protected areas of the organization's Web site for the first time, and is taken directly to a page where they can set the password they will use to access the site from now on.

Kavi Members manages login for Kavi-supported Web sites. Like all Kavi applications, it follows industry-standard best practices for Web site security, as published in the Kavi Development Standards and Guidelines. Sites that have Kavi® Billing and Kavi® Commerce installed have the added protection of SSL encryption for pages that manage billing information. Users must login and be authenticated (the username and password they provide must match a username and password in the database) before they can access any of the protected areas of the site. Every authenticated user has access to the My Account page where the user can manage their personal data. But whenever the Web server receives a request to display a new page from a user's browser, it verifies whether the user's role cache contains a role that grants access to the page and its content.

Page-Level Access Control

Graphical image of the gate, keyring,
	    switch, stamp of authentication and page display after
	    role check with some content displayed and other content hidden.

A Web page is the basic unit of a Web site, but page-level controls can be exerted over elements contained within a page, including sub-forms and links. Access to a page and its child elements is controlled through roles. When a user tries to view a Web page, their browser sends a request to the Web server which checks the user's role cache to see what roles the user has. Then the server checks the page to see what roles are allowed to view it. If the user has one of these roles, the page is displayed. Subelements within the page may require other roles, so any content that requires a role the user doesn't have in their role cache will remain hidden.

Different User Views of the Same Page

Here is an example of how the Members Landing page might display differently depending on which roles are in a user's role cache. The first view shows the way the page displays to a user who has the 'Organization Admin' User Type, which conveys the 'org_admin' role. The second view shows the same page displayed to a user who is 'Primary Contact' (a Contact Type that confers the 'company_admin' role) for a Board Member company (through which the user inherits the 'member' and 'board' roles).

Figure 11.2. How the Members landing page displays to a user with the 'org_admin' role

A graphic representing the way the
	      Members Landing page
	      displays to someone who has the 'org_admin' role in
	    their role cache.

The way the Members Landing page might display to someone with the 'org_admin' role. This role is assigned to highly privileged users in charge of maintaining the organization's Web site. It provides access to the Admin Area and lower Member and Public levels. This is especially evident in the left hand navigation pane, which includes links to Admin Home and Reports Home that aren't present in the page view displayed to the Primary Contact in the next example.

Figure 11.3. How the Members landing page displays to a user with the 'member', 'board' and 'company_admin' roles.

A graphic representing the way the
	      Members Landing page
	      displays to someone who has the 'member',
	'board' and 'company_admin' roles in
	    their role cache.

This example shows the way that the Members landing page might display to someone with the 'member', 'board' and 'company_admin' roles. The navigation includes links to Public and Members Areas that are displayed to all account holders, with an additional Board-Member-only link that is only displayed to representatives of Board companies. The page also displays the 'My Company' link, which is shown to Primary Contacts and other company administrators who have the 'company_admin' role. Tools available through this link allow Primary Contacts to manage their company's roster and other data. This link isn't displayed to Organization Admins unless they are also designated as Primary Contact for their company.

Back to top