Security¶
Survey Isolation¶
Surveys are placed inside an Organisational Hierarchy. Firstly inside projects, projects inside organisations and organisations inside enterprises. Access to each of these can be managed by assigning users access.
Groups¶
Users can be assigned one or more Security Groups such as "Administrator" or "Analyst". These groups determine the functionality that the user can access.
Role Based Access Control¶
Role Based Access Control can be used to provide fine grained control over access.
Password Strength¶
This feature is available with version 22.04 of the server.
A minimum password strength can be set for user passwords. When a user changes their password they will be required to set a new password that is at least as strong as the minimum.
The minimum strength can be set for the Server and/or the organisation Settings. The maximum of the two values set will be used.
The strength of a password reflects its randomness and avoidance of common words used by password breakers. The following table shows sample password values and their strength;
password | strength | comment |
---|---|---|
password | 1 | very weak |
Passw0rd | 10 | very weak |
b0Gota987 | 23 | reasonable |
q2@dFgVPx | 51 | strong |
q2@dFgVPxFvv%67d | 77 | very strong |
Note
All of the above example passwords have been blocked from use if password strength is set above 0
Password strength checking is only applied if the user has one of the following security groups:
* Server owner
* Enterprise Administrator
* Security Manager
* Administrator
* Analyst
* View Data
* Dashboard