Security Collections
  • 16 Feb 2024


The Search Appliance allows for the creation of security collections of data that are used to limit the information a user has access to. Security collections are query-based and allow the inclusion or exclusion of selected records in search results for groups. Often collections use sets for these purposes. After a collection is created, the users in that group do not have access to any additional information unless additional permissions are granted.

Security collections are additive. This means that if a user is made part of a collection and then added to another, the user has access to information from both even if one of them is more restrictive than the other.



Creating or Verifying Prerequisites

Some preliminary steps are needed in order to create collections:

  1. Verify or create all users necessary for the collection. Make sure users are not assigned to extra groups that give them greater access than desired.
  2. Verify or create the group. Any user that should have limited access must be assigned to a group; however, the group may consist of one user.
  3. Create a set definition if needed. Remember that the data within sets is unchanging and must be updated in order for new records to be included.
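Because collections are additive, the check in step 1 comes down to computing the union of collections each user reaches through every group. The following audit is an added example, not part of the Search Appliance; the dictionary layout, the user, group and collection names, and the `closed` access label are constructed for illustration.

```python
# Constructed sample data. The dict layout is an assumption made for this
# example; it is not an export format or API of the Search Appliance.
COLLECTIONS = {
    "public": {"access": "closed"},
    "camelot_physicians": {"access": "query",
                           "query": '()s.sending_facility:"Camelot Physicians"'},
    "abc_pediatrics": {"access": "query",
                       "query": "()FILTER(PatientIDN:SET:__ABC_Pediatrics__)"},
    "all_data": {"access": "full"},
}
GROUP_COLLECTIONS = {
    "physicians": ["camelot_physicians"],
    "pediatrics": ["abc_pediatrics"],
    "analysts": ["all_data"],
}
USER_GROUPS = {
    "arthur": ["physicians"],
    "lancelot": ["physicians", "pediatrics"],
    "mordred": ["physicians", "analysts"],
}


def effective_access(user, user_groups, group_collections, collections):
    """Union of every collection the user reaches through any group."""
    names = sorted({c for g in user_groups.get(user, [])
                    for c in group_collections.get(g, [])})
    return {
        "full": [n for n in names if collections[n]["access"] == "full"],
        "query": [n for n in names if collections[n]["access"] == "query"],
    }


def audit(user_groups, group_collections, collections):
    """Return (user, finding) pairs where access is wider than one collection implies."""
    findings = []
    if collections.get("public", {}).get("access") == "full":
        findings.append(("*", "public has full access: no security is present"))
    for user in sorted(user_groups):
        eff = effective_access(user, user_groups, group_collections, collections)
        if eff["full"] and eff["query"]:
            findings.append((user, "full access via %s overrides the limits of %s"
                             % (", ".join(eff["full"]), ", ".join(eff["query"]))))
        elif len(eff["query"]) > 1:
            findings.append((user, "sees the union of " + ", ".join(eff["query"])))
    return findings


if __name__ == "__main__":
    for user, finding in audit(USER_GROUPS, GROUP_COLLECTIONS, COLLECTIONS):
        print(user, "->", finding)
```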


Creating a Security Collection

  1. In the navigation pane, click Security Collections.
  2. Click the add_circle icon.
  3. Type the Name of the collection. Spaces are not supported and cannot be used in collection names. Use camel case or underscores to help distinguish words if needed: CamelotKnights or knights_of_camelot.
  4. Type the Description of the collection.
  5. Choose the Access Type:
    • Full data access gives the users access to all data on the server.
    • Query-based access gives users access only to the data matched by the query entered. Any query the users run is evaluated only against the data matched by the query entered here. See below for more information on entering the query.
  6. Assign the collection to the desired group or groups.
    • Click the add icon by the group name to add an individual group.
    • Click the fast_forward icon to add all groups at one time.
  7. Click Save.

Clicking the arrow_back icon returns you to the list of collections without saving the changes.



Editing a Security Collection

After clicking on the desired collection, click on the section you'd like to edit when the details panel on the right opens.

  1. Locate and click the collection.
  2. Edit the Description by clicking the edit icon.
  3. Edit the Data Access by clicking the edit icon. See below for more information on entering the query.
  4. Reassign the collection to the desired group or groups by clicking Manage Groups. Move the groups to the proper columns:
    • Click the add icon by the group name to add an individual group.
    • Click the fast_forward icon to add all groups at one time.
    • Click the close icon by the group name to remove an individual group.
    • Click the fast_rewind icon to remove all groups at one time.
    • Click Reset to return all groups to their original position.
    • Click Save.


Entering the Query

The accessible data for each collection is determined by a query. Use Boolean syntax to properly write the query that contains all necessary terms. IMAT suggests first writing and running the query in the single query builder to verify that you are getting the expected results and that the query is written correctly. After you are satisfied that it is correct, copy the query to Security Collections.

Some common query examples are found below for set definitions and facilities.

These are examples of collections using NREF collections with or without sets:

  • ()s.sending_facility:"Camelot Physicians"
  • ()SET:__myset__

These are examples for collections using PatientIDN collections. Notice the use of FILTER is required with PatientIDN.

  • ()FILTER(PatientIDN:SET:__myset__)
  • ()s.sending_facility:"123 Pediatrics" FILTER(PatientIDN:SET:__ABC_Pediatrics__)

You may choose to enter NOT as part of the query to exclude specific data:

  • ()SET:__myset__ NOT (SET:__mySubset__)

Keep in mind that if you use sets, the information in the set does not change until the set has been updated through Set Definitions.

Note:
Queries cannot contain hard line breaks. Enter the entire query on one line. If the text wraps around on its own, that is acceptable, but do not press Enter on your keyboard.
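A pre-save check for the rules stated on this page (no spaces in the name, no hard line breaks, FILTER required with PatientIDN), written as an added example rather than anything shipped with the Search Appliance. The function name `lint_collection`, the `uses_patient_idn` flag and the delimiter-balance check are assumptions of this example; it also lists the sets a query references, since those must be refreshed through Set Definitions.

```python
import re

# Matches the SET:__name__ references used in the examples above.
SET_REF = re.compile(r"SET:__(\w+?)__")


def lint_collection(name, query, uses_patient_idn=False):
    """Check a collection name and query against the rules on this page.

    Returns (problems, referenced_sets). uses_patient_idn is a hypothetical
    flag the caller sets for PatientIDN collections.
    """
    problems = []
    if not name or re.search(r"\s", name):
        problems.append("name: spaces are not supported")
    if "\n" in query or "\r" in query:
        problems.append("query: hard line break; enter the query on one line")

    # Sanity check added here (not a documented rule): delimiters must pair up.
    depth, in_quote = 0, False
    for ch in query:
        if ch == '"':
            in_quote = not in_quote
        elif not in_quote and ch == "(":
            depth += 1
        elif not in_quote and ch == ")":
            depth -= 1
            if depth < 0:
                break
    if depth != 0:
        problems.append("query: unbalanced parentheses")
    if in_quote:
        problems.append("query: unterminated quote")

    if uses_patient_idn and not re.search(r"FILTER\(\s*PatientIDN:", query):
        problems.append("query: PatientIDN requires FILTER(...)")

    # Sets are static until updated; report them so they can be refreshed.
    return problems, sorted(set(SET_REF.findall(query)))


if __name__ == "__main__":
    # Constructed input: a pasted query that picked up a line break.
    print(lint_collection("Knights of Camelot",
                          "()SET:__myset__\nNOT (SET:__mySubset__)"))
```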


Viewing Security Collection Details

The security collection screen displays a table of the collection details: the name, provider, description, how many groups are assigned, and if the data allows access to all information or if it is limited. A check appears in the Full Access column (hidden by the open details panel in the image to the left) if no query has been entered.

Clicking on a collection opens a panel to the right. This displays the same information with the addition of the query. It also allows access to the edit and delete buttons.



Understanding Default Security Collections

The server comes with two preconfigured security collections: public and system. Public is a read-only collection and the settings are established when setting up the server. In most cases, it should have closed access; if it has full access, then no security is present. The system collection gives all searchappliance_system users access to all data.



Deleting a Security Collection

  1. In the navigation pane, click Security Collections.
  2. Locate and click the collection.
  3. Click Delete.
  4. Confirm you would like to delete the collection.

