Data security |
eArray is an Internet-based application that provides research data to organizations registered on the Web site. Data on the site is protected by multiple layers of security.
The security framework of eArray consists of the following important subsystems:
In the eArray system, all data is stored in one folder called the Root folder. Within the Root folder, folders are organized hierarchically, meaning that any given folder can contain one or more subfolders. The Root folder is owned by the Agilent Superadministrator, who has unrestricted access to all folders in the eArray system. There is one and only one Agilent Superadministrator.
For other users, the eArray system restricts access to folders through a system of access privileges. Users are restricted both by the folders they can access, as well as by the specific actions they can take on the data. All users have read-only access to Agilent Catalog content. To assign access privileges for workgroup content on a per user basis, workgroup administrators associate folders and assign specific roles to each user. A role defines a specific set of permitted user actions. Users cannot directly access data in the folders of another workgroup.
Any create, update or delete operation performed on an instance of data gets audited. Auditing is conducted to track changes in data and to provide a mechanism for tracing these changes. Auditing captures the following details within an audit entry:
The data (content item) that is modified.
The reason for the change (if available).
The name of the user who performed the create/update/delete operation.
The date on which the change was made.
Users can download files from the eArray system. For each downloaded file, eArray keeps track of the download date, user ID and design ID. A download log maintains a record of who is accessing data. The download information is logged in a separate table that captures the following details:
The name of the user who performed the download operation.
The name of the file(s) downloaded.
The date on which the download was performed.
Users must register in eArray in order to access the content of their workgroup. They are assigned a login name and password by their workgroup administrator when their accounts are first created in eArray. Users can initiate the registration process themselves, but a workgroup administrator must verify and enable the users before they can access workgroup content. User passwords are encrypted, and users can change their passwords as many times as they like. eArray maintains a record of old user passwords.
Note: Only the latest password is marked as current and used for authentication.
Session management is an Agilent Superadministrator level of security. Sessions provide the Agilent Superadministrator with the ability to monitor the number of users connected to the eArray system at any particular time, and to invalidate a user session, if necessary.