Rover Retriever allows an organization to provide shared information to many employees; however, some information might only be applicable to an individual or group of people, therefore requiring a means of limiting access to certain elements to certain people.

User-Level security is the most flexible and secure method of protecting the sensitive data, code, and applications managed by Rover Gateway. In addition, User-Level security allows you to establish different levels of access to each Rover Gateway item. Because all access to the data is secured by the Gateway, User-Level security is enforced the same way regardless of the mobile device being used to retrieve the data.

Rover Gateway provides a robust and powerful security model that gives you a great deal of control over a users' access to your server and the data it contains. It is important to understand the basic concepts of User-Level security to protect your sensitive data. The following section contains detailed information to help you understand the model before you implement security for your Rover Gateway.

Securing data on Rover Gateway can be compared to securing items in a house. Let’s start by exploring home security concepts and then see how they relate to Rover Gateway security.

We’ll start with securing the entire house. The front door provides access to the house. We can restrict access to the house by providing house keys only to people we want in the house. Similarly, the front door for Rover Gateway is the initial sign in screen. Only users given a key, user name and password, are able to open the front door.

Once the front door is unlocked, the guest can only see what we want to show them. Any items we do not want seen by everyone with a front door key can be placed in a separate room behind another locked door. Likewise, Rover Gateway can make information available to users with only a front door key or it can further restrict access by placing information in separate rooms and restricting who is supplied keys to those rooms.

Users entering the front door of Rover Gateway can see the main menu. Submenu items can be added and become new rooms in the house. By default these new submenus, or rooms, do not have a lock. The Rover Gateway administrator can configure which rooms require a lock and only provide keys to specific users.

Rover Gateway can access a variety of data including files, folders, data extracted from an Excel spreadsheet, content from a Web Service, the output of a CGI script, and custom connectors for access to other resources. Each of these items can be placed in any room. By default the data is available to anyone with a key to the room the item is placed in.

In a house, even items within a room can have further access restrictions, for example, a locked file cabinet. This introduces a new level of security, restricting access to individual items in a room. Rover Gateway can also restrict users from accessing individual items in a room. By default new items added to a room are available to anyone with a key to that room. However, access to individual items can be restricted by locking the item in a file cabinet.

Unlike a traditional house, the Rover Gateway is not restricted by a set number of rooms or by space limitations for the number of file cabinets a room can hold. We can create any number of rooms and add any number of file cabinets to a room to continue to refine user access.

Now that you understand the basic security concepts, let’s see how to configure User-Level security in the Rover Gateway control panel.

To start let’s sign in to the Rover Gateway control panel.

Select the ‘Site’ tab.

To continue with our home analogy, the top level menu, ’My Gateway’, is what a user sees when opening the front door. By default anyone with a username and password to access Rover Gateway can see all items in this room. We can restrict access to items in this menu a couple of ways. First, we can move one or more items into a separate room. Second, we can put individual items in a room into their own file cabinet.

Let’s examine the configuration steps for these scenarios.

Putting items in a new room

When you have a group of items with similar access restrictions, you can place these items in a new room. Rooms can contain any number of items and even lead to other rooms. Each item in the room, including access to new rooms, can only be unlocked by users who have a key to the room containing the items. For example, you can create separate rooms for Sales, Marketing and Engineering. The sales people are given keys to the Sales room but not the Marketing or Engineering rooms. General sales items can be retrieved by all sales people. Other content, like my personal sales numbers, can be locked in a file cabinet or moved to a separate room that I alone have a key to access.

Let’s add a submenu to create a new room.

Start by selecting the top level menu, in this example, ‘My Gateway’. The description should say ‘this item presents a menu.’

Select ‘Add item to this menu…’.

Select ‘A submenu’ as the information you would like to add to this menu.

Title the submenu ‘My Submenu’.

Select ‘Save item setup’ to complete the submenu creation.

This room, ‘My Submenu’, can now be used to place items with similar access restrictions or simply to group common items.

Select ‘Limit access for this item…’. The access restrictions set for this room will be the default access restrictions for any items added to this room. In other words, only people given keys to this room will have access to the items placed in the room.

All users with access to this room are displayed. Select the check box next to each user you would like to give a key to this room.

Select ‘Done’ to complete the access restrictions.

If you set access restrictions but did not select any users you will receive the following message.

This means that you locked the room but did not give anybody a key. You may actually want to do this. This is a convenient way to stage items and make sure nobody has access until it is ready. The warning is displayed in case you did not mean to restrict access to everyone. Selecting ‘Lift access restriction’ will unlock the room. Selecting ‘Select users for this item…’ will take you back to the user list and allow you to select specific users to give a key too.

If you set access restrictions and gave at least one user a key you will receive the following message.

The list of users given a key to this item is displayed in the Access area. You can always lift the access restriction or edit the user access list by coming back to this screen. In this example only Amy, Ben, Cindy and David now have access to ‘My Submenu’.

Any other user trying to access this item will receive the following message:

In most cases users without access to an item will not even see that item in the menu list.

Once again, individual items in a room can be placed in a locked file cabinet or a new room to further refine access restrictions.

Putting individual items in a room into a locked file cabinet

We can put any item in a room into a locked file cabinet, thereby requiring a user to have a key to access that single item.

Select the item you want to lock in the file cabinet, in this example, ‘My Documents’. The description should say ‘this item shows the files and subfolders in the folder...’

Then, select ‘Limit access for this item…’

Select the check box next to each user you would like to give a key to unlock the ‘My Documents’ file cabinet.

Select ‘Done’ to complete the access restrictions.

The list of users given a key to this item is displayed in the Access area.