LEAST PRIVILEGE DOCUMENTATION

System Name: OpenText VRD
Author: Eric Byszeski / Diana Burdick
Date Implemented: 10/27/2014
Date Last Reviewed: 10/27/2014

Communication/System Integration Points

  • The system is accessible to staff directly via an HTTP URL. This URL is available to staff via a link on the WMIS Links utility page.
  • Documents are uploaded to VRD via the Bulk Capture application. Documents are made available to the Bulk Capture application from the OpenText Capture Center application. This application places the document and a .csxml file in a location specified by the VRD configuration, which is managed by ECM Technical Support Staff.
  • The VRD application has a .net web service referred to as the Records Service available. This web service allows for .net application integration/document uploads.
  • The PIMS/CFI (custom .net) applications upload documents to VRD via the .net Records Service. The PIMS/CFI applications are able to upload documents and create/update document metadata. The PIMS/CFI applications are not allowed to delete or replace documents in VRD.
  • The Cash Receipts (custom .net) application uploads documents to VRD via the .net Records Service. The Cash Receipts application is able to upload documents and create/update document metadata. The Cash Receipts application is not allowed to delete or replace documents in VRD.
  • The Regulatory Vault application updates/maintains regulatory vault physical files. The application manages the metadata stored in VRD for the files that are physically located in each District Service Office’s Regulatory Vault.
  • The ePermitting/Resource Data (custom .net) applications upload documents to VRD via the .net Records Service. The ePermitting/Resource Data applications are able to upload, delete and replace documents, as well as create/update document metadata.

Access Rights Required for System Administration

  • Information Technology Bureau (ITB) System Administrators must be able to remotely connect to the servers to monitor performance, install software, install application patches, test applications, troubleshoot applications, manage the infrastructure network connections, and manage the database connections in the staging, development, acceptance and production environments.
  • ITB Oracle Database Administrators (DBAs) must be able to remotely connect to the Linux Oracle Database servers to install software, manage databases, monitor performance, create and manage backups, script processes, and troubleshoot issues in the staging, development, acceptance and production environments.
  • Business Unit Application Administrators must be able to remotely connect to the servers to monitor performance, troubleshoot applications, manage/test application configurations in the staging and development environments.
  • Business Unit Application Administrators must be able to remotely connect to the log file shares to monitor/troubleshoot application performance and functionality in the acceptance and production environments.
  • Business Unit Application Administrators must be able to remotely connect to the Oracle Database server to query data, and to monitor/troubleshoot application performance and functionality in the staging, development, acceptance and production environments.

Access Rights Required by Users

  • Security for staff who interact with VRD directly via the HTTP URL interface is controlled by Business Unit Application Administrators.
  • Staff that interact with VRD via the custom developed applications are managed via the individual service accounts provided to each application by the Business Unit Application Administrators. The permissions associated with these service accounts are controlled by the Business Unit Application Administrators.

Least Privilege Implementation

  • Staff shall have permissions based on the roles defined within the VRD application’s security. Access will be provided in accordance with applicable District Policies, Procedures and Guidelines. Access is administered by the General Services Bureau.
  • ITB System and Database Administrators will be granted administration privileges through their tech account and/or VRD service account. Access will be restricted to those ITB staff specifically assigned either primary or backup support responsibilities.
  • Business Unit Application Administrators will be granted desktop administrative privileges through a VRD related service account to the staging and development environments only.