Rest Easy with Rock's Data Security Features Published Jun 10, 2016 Data security is a hot topic, and one that can make your role in database administration, IT, or church leadership nerve-wracking without the right safety and security measures in place. We've held many of these roles ourselves and we get it, so we've built security features right into Rock to make your life easier. Many items in Rock can be secured to protect access to sensitive information. While we hope that you find the default security settings and roles to be a good start, itʼs important that you understand how security works so that you're able to configure it in a way that makes sense for you. Security Roles The basic access control unit is the Security Role. While you can provide security specific to an individual, itʼs often overly tedious and problematic to define security access down to the individual. Using Security Roles is much more flexible and less prone to error. Having a well thought out strategy for security roles is critical. Too simple and your users might have more rights than they need; too complex and security will be difficult to maintain. We've worked hard to build a foundation for you to build from in this area. We strongly recommend looking over these roles and reading their descriptions before you start setting up your staff and users. Hereʼs a neat tip: Do you have an existing group whose members also need access to a particular page or item? You can enable any group to also act as a security role. In the group viewer, simply check the groupʼs Security Role property and it will show up in the security role lists. Permissions Wherever you see a lock icon in Rock, you can manage the security of the item being displayed. This will bring up the Security Editor, where you can edit these settings: Actions: Tabbed list of security actions available for the item (normally View, Edit, and Administrate). Item Permissions: Specific permissions defined for the item. It will be blank if none have been set. In that case, see Inherited Permissions. Inherited Permissions: Most items don't have permissions of their own, but they inherit them from their parents. For the most part, you'll only add Item Permissions when you want to increase the security of the item. This is a very powerful concept. It keeps you from having to constantly and consistently tweak the security of each item. It also allows you to change the security of an item and let the change trickle down to all of its children. Setting Permissions When setting permissions you will add either an individual, or more commonly a security role, to the permissions list to either Allow them access or Deny rights. The way the system works is that it starts at the top and works its way down the list looking for a specific matching rule. The first rule that matches the logged in individual will be implemented either granting or denying access. Crafting the order of these permissions is important. All this information is just the beginning. For more details and screenshots about securing Rock, along with other database administration tips, check out our Rock Admin Hero Guide. For a hands-on trial, visit our demo site.