File Security Options

File Security Options

Controlling who can do what with your IOK files

Omniscope files are not only more compact, interactive and visually communicative than other report data files (e.g. spreadsheet files and webpage tables), they also have many more potential layers of security options to prevent unauthorised access to, and potential re-use of, the data and images within your published files.

Most file security options are accessed from the File > Save or the File > Export > Data File {File Type = IOK} dialog, either as a specific Security dialogue (also available under File > File security) or on the far right side of the File > Save as dialogue under the Security section (with the exception of text field scrambling and random sampling options under the Data > Operations menu, and the 'walled gardens' security perimeter option implemented by issuance of special groups of activation keys. 

Prevent file changes and data copy/save/export ("Owner-locked")

Owner-locking is a change prevention and copy-prevention feature that prevents any changes to the file configuration and even cut-and-paste copying from Omniscope, as well as saving or exporting the data in any way. This is an 'all-or-nothing' setting, designed primarily to prevent recipients of your file from changing the configuration or extracting, modifying or plagiarising your data and Omniscope configuration. Only the Owner (i.e. the Omniscope installation license key that created or last refreshed the file) can be used to disable this setting. The Owner can continue to refresh, edit and save the file even with this setting enabled, but no other installation using another license key can. Effectively, a file opened on a different PC with this setting enabled will operate in free Viewer mode only; changing file configurations, un-hiding tabs or menu/sidebar elements etc. or extracting/copying data will not be permitted. This setting does not protect file B from being overwritten when opening file A, choosing File > Save as and saving over file B. In order to prevent overwrites, you should not only use write protection (see below) but also operating system-level options such as setting the file as Read only in the Windows Explorer file properties, especially for empty template files stored in a shared directory or on the server for refreshing. 

Write-protected ("Warning on save")

This option is available from the right side of the File > Save As dialogue under the 'Other' headiing is a safeguard against accidentally saving changes to an important file, like an empty template file. When this option is selected, users will be warned if they try to save the file with changes or save another IOK  file with the same name. As with Owner-locking (see above) this option does not fully-protect file B from being overwritten when opening file A, choosing File >Save as and saving over file B with the same name. To prevent this, you should use operating system-level options such as Read only settings in the Windows Explorer file properties. Omniscope's Write-protect option merely warns you if you inadvertently press Ctrl+S while an important file is open.

Text Scrambling and Random Sampling Operations

Less revealing versions of files for external distribution/sharing can quickly be generated automatically using operations available under Data > Operations {Scramble} and {Random Sample}. These options create a new version of the IOK file with specified text column values to be 'scrambled' such that the text values cannot be read, or with only a specified number or randomly-sampled rows preserved and the rest deleted for the saved copy of the new sampled file. These security features permit us to assist you with files containing confidential information, but also allows selective scrambling for out-sourcing of some aspects of workflow and data quality while maintaining some columns of data, e.g. names on the payroll, credit card numbers, etc. in un-scrambled format. 

Password protect files

Tick 'password protect' and enter a password to protect the file. If you have already set a password, the Change option will let you change it. Note that if you do not add additional layers of security, anyone with the password can open the file and save a copy with a new password, or none at all. The batch output option also allows you to set personalised passwords on files so that each file recipient must use a separate individualised password.

Time-limiting files

All Omniscope Editions can apply time-limiting to files. This option should always be used to ensure that stale, un-refreshed copies of files are not used once distributed and potentially copied and saved in unexpected places. Ticking this option displays a settings dialog which enables you to specify the exact date/time the file will expire, whether or not an external online Internet time-check will be required (if so, the file will not work offline), an option to specify an "out-of-date please refresh" notice yet still allow access, and the message to display if recipients try to open a completely expired file.  

 

Note: For time-limiting to be permanently enforceable, you must also tick "Owner-locking" (see above).

Server-based permissioning (Server Editions only)

Server Editions can be used to add server-based authorisation/permissioning to files. Essentially, this uses the same login & password system used for web pages to control access to an IOK file. More on implementing this option is available from the KnowledgeBase article on implementing server-based permissioning.

Note: For web server-based file authentication to be permanently enforceable, you must also tick "Owner-locking" (see above) 

Domain Locking (Server Editions only)

Domain locking is a powerful and effective access-restriction and revenue protection feature. Omniscope .IOK/.IOM files are normally free-standing and easily transferred (by e-mail, posting/downloading from blogs and websites, etc.). Adding domain-locking to an .IOK/.IOM file imposes the restriction that the file must be opened directly from the originating (generally password-protected and secure) website. This option enables organisations to restrict access to current employees/subscribers with valid web credentials, and enables commercial data publishers to ensure that only current subscribers have access to their data, and that potentially stale, unrefreshed copies of files saved locally will not open. More information on using domain locking.

Note: For domain locking to be permanently enforceable, you must also tick "Owner-locking" (see above)

'Walled gardens' (Server Editions only)

The option to designate a group of specific Omniscope installations able to create and share files only within the same licensing group is referred to as a 'walled garden'. Omniscope installations activated using license keys belonging to the same 'walled garden' group are able to exchange files, bit other Omniscopes, free Viewer or activated desktops, cannot open files created inside one or more (overlapping) walled garden groups. Files created by Omniscope installations within 'walled gardens' will open only in other Omniscope installations activated by keys from the same 'walled garden' list. An installation can belong to more than one 'walled garden group, which can overlap. Installations can belong to more than one 'walled garden', with different privileges in each 'walled garden'. Privileges for each installation can be set individually to Read-only or Read/Write/Create capabilities for both  'walled garden' and non-'walled-garden' .IOK/IOM files.

For more information on implementing Omniscope-based reporting in high-security settings, please contact us