• Article Type: General
• Product: Aleph
• Product Version: 21

Desired Outcome Goal:
Put high level of security on Aleph X-server to prevent unauthorized access to sensitive information

Procedure:
There are two level of security that either can be used separately or used combined.

1) Use $alephe_tab/server_ip_allowed to allow the access to X-server to certain IPs or IP ranges only.

!-!-!!!!!!!!!!!!!!!>
X A 10.1.235.*
X A 10.1.232.115

After change of server_ip_allowed WWW server should be restarted

2) In Staff permission function in GUI you should limit the number of X-Server functions allowed to the WWW-X user to a subset of functions that don't involve sensitive data.
If no user name and password are given when activating the x-service, the default for both is: WWW-X.
You then can define additional staff users that have permission to use all relevant X-services.

Please see section 'X-Service Permissions' in page Introduction to Aleph X-Services (https://developers.exlibrisgroup.com/aleph/apis/Aleph-X-Services/introduction-to-aleph-x-services) for information how to use user-name and password when calling up X-services.

• Article last edited: 5/23/2014