  1. Kuali Rice Roadmap
  2. KRRM-44

Security Metadata - Data Dictionary enhancements

    Details

    • Rice Theme:
      Ease of Implementation
    • Priority Score:
      5
    • Functional Justification:
      Kuali partner and user schools are faced with many different obligations for the security of information in institutional systems. Requirements are based on the type of institution (public vs. private) and on the kind of work the institution does (higher education, medical research center, classified research), and Federal, State, and local laws. These demands may require that the institution collect certain data elements while limiting who may see these data elements, and when. For some instances, setting up user roles/rights is sufficient to restrict access to secure data elements. In other cases, this may hinder day-to-day business processes and needs.

      Research administration examples:

      In these cases, users with legitimate access to institutional systems may still be restricted from viewing/searching/reporting certain data elements.
      - Institutions will have many users with rights to create proposals and budgets. Some private institutions do not allow users to see salary data for individuals, but salaries are required to calculate proposal budgets.
      - Financial and non-financial information related to patient care. Institutions with hospitals and/or medical research centers are required by law to protect data.
      - Export control and classified research. For such work, it may be necessary to restrict access to the award documents and other data elements.

      Relevant federal laws that impact functions across campus: HIPAA, FERPA, FIPPA, ITAR/EAR, etc.
    • Impact if not Implemented:
      As the Kuali user community grows, it will become more diverse. We are likely to see more business needs related to this item as new adopters work to comply with various institutional and external policies.
    • Priority - KFS:
      Medium
    • Priority - KC:
      Medium
    • Priority - KS:
      Low
    • Priority - Rice:
      No Priority
    • Theme:
      Ease of Implementation
    • Effort Estimate:
      Medium ~ 500 hrs

      Description

      Develop ability to easily allow security classifications to be applied to data elements in applications (i.e., Classified, Confidential, Restricted, Public, etc.). Create a management and governance tool that allows data custodians to administer classifications. May have ties into KIM roles and permissions and KNS for controlling access to data.

            Activity

            cfairlie Cath Fairlie (Inactive) added a comment -

            Not sure this should be done in the KNS data dictionary.

            lschultz Lori Schultz (Inactive) added a comment -

            This could be useful for KC, but more information on intent would help.

            apotts Tony Potts (Inactive) added a comment -

            rSmart, working with several schools, created a security module for KFS that sounds very similar to what is described above. It may not be a perfect match but I think it has the underpinnings of what you are looking for. We think the work to turn it into a Rice solution would be minimal; it would actually simplify the code a fair amount since we wouldn't have to override Rice services any more. The code has been contributed and released as part of KFS 4.1. Check out the SEC module.

            abyrne Ailish Byrne added a comment -

            KFS not voting on this because Lori and Tony's questions not answered. But, if this is about access security moving to Rice (as a contribution), we agree that that is the appropriate approach.


              People

              • Assignee:
                Unassigned
                Reporter:
                byock Bill Yock (Inactive)