Access Policies

Understanding Access Policies

Access policies in Publisher control who can view and interact with your collections. These policies form the foundation of Publisher's security model, ensuring your data reaches the right audience while maintaining appropriate access controls.

Access Policy Types

Publisher provides three distinct levels of access control, each designed for different sharing needs and security requirements.

Public Access

Collections with public access are available to anyone, including users who aren't logged in. This policy is ideal for openly available datasets, research findings meant for broad distribution, or resources that should be discoverable by search engines.

Public access policies come pre-configured and cannot be modified.

Registered Access

Registered access requires users to log in through Passport before accessing collections. While still relatively permissive, this policy adds a layer of accountability by tracking who accesses your data.

It's particularly useful for:

  • Maintaining usage statistics

  • Understanding your user base

  • Meeting basic compliance requirements

  • Enabling user-specific features

Like public policies, registered access comes pre-configured and cannot be modified.

Controlled Access

Controlled access provides the most sophisticated level of security for sensitive or restricted data. Unlike the other policy types, controlled access policies are fully customizable and can be created by Publisher administrators to meet specific security requirements.

Collections with a controlled access policy can only be accessed by a user if their email is listed within the access policy's allow list.

These policies differ from public and registered access in several important ways:

  • Created and managed by Publisher Admin

  • Limit access to specifically approved users

  • Allow multiple policies to exist simultaneously

When implementing controlled access, you can configure several important features:

Terms of Use enable you to present specific usage agreements that users must accept before accessing the data.

Access Requests allow potential users to submit formal requests for collection access, which administrators can review and approve. You can also maintain detailed "allow lists" of approved users, providing granular control over data access.

Managing Access Policies

Navigate to the Access Policies dashboard through the left sidebar to manage your policies.

Each policy appears with its name, creation date, access type, and number of pending requests. For controlled access policies, hover over any entry to reveal edit and delete options.

Implementation Tips

When choosing an access policy, consider your data's sensitivity and sharing requirements. Public access maximizes visibility, while registered access enables basic tracking. For sensitive data, controlled access provides the most security but requires more active management.

Remember that you can modify which policy is applied to a collection as your needs change. If you've enabled access requests for controlled access policies, monitor the dashboard regularly to review pending requests.

PreviousUpdating Collection ContentsNextCreating an Access Policy

Last updated