<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
span.EmailStyle17
{mso-style-type:personal-compose;
font-family:"Calibri",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-family:"Calibri",sans-serif;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-US" link="#0563C1" vlink="#954F72" style="word-wrap:break-word">
<div class="WordSection1">
<p class="MsoNormal">I’m interested to learn what permissions others of you have assigned to your SIP accounts.
<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">I’m also interested in whether any of you are allowing external vendors to access your Evergreen instance through the Evergreen API. If so, do you have a specific permission group set up for that API access? If you do, what permissions
did you assign to that API access permission group? Are there other precautions you’re taking to reduce the scope of access external vendors have?<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Here’s the permissions we currently have for our SIP accounts, and the query we used to pull this from the database if you’re willing to share how you have yours set up:<o:p></o:p></p>
<p class="MsoNormal"><a href="https://docs.google.com/spreadsheets/d/16OPSCdHtuF6YeE_duolNPFKYuyuoyZGrfn4Mj9u3lvo/edit?usp=sharing">https://docs.google.com/spreadsheets/d/16OPSCdHtuF6YeE_duolNPFKYuyuoyZGrfn4Mj9u3lvo/edit?usp=sharing</a><span style="color:black"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:black"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:black">-- Here’s the query we used to pull this from the database, in this case limiting it to the specific ‘permission.grp_tree.id’s involved<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:black">select <o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:black"> permission.grp_tree.id as "Grp ID"<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:black"> , permission.grp_tree.name as "Grp Name"<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:black"> , permission.grp_tree.parent as "Grp Parent"<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:black"> , permission.perm_list.id as "Perm ID"<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:black"> , permission.grp_perm_map.depth "Perm Depth"<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:black"> , permission.grp_perm_map.grantable "Grantable"<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:black"> , permission.perm_list.code as "Perm Code"<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:black"> , permission.perm_list.description as "Perm Description"<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:black">from permission.grp_tree<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:black">left join permission.grp_perm_map on (permission.grp_tree.id = permission.grp_perm_map.grp)<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:black">left join permission.perm_list on (permission.perm_list.id = permission.grp_perm_map.perm)<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:black">--where permission.grp_tree.id in (1, 3, 5, 9, 10, 12, 13, 4, 45, 8, 87)<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:black"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:black"><o:p> </o:p></span></p>
<p class="MsoNormal"><b><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:black">Benjamin Murphy<o:p></o:p></span></b></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:black">NC Cardinal Program Manager<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:black">State Library of North Carolina<o:p></o:p></span></p>
<p class="MsoNormal"><u><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#0563C1"><a href="mailto:benjamin.murphy@ncdcr.gov"><span style="color:#0563C1">benjamin.murphy@ncdcr.gov</span></a>
</span></u><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:black"> |
<a href="https://statelibrary.ncdcr.gov/services-libraries/nc-cardinal"><span style="color:#0563C1">https://statelibrary.ncdcr.gov/services-libraries/nc-cardinal</span></a><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:black">109 East Jones Street | 4640 Mail Service Center
<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:black">Raleigh, North Carolina 27699-4600<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-top:6.0pt"><span style="font-size:10.0pt;font-family:"Arial",sans-serif">The State Library is part of the NC Department of Natural & Cultural Resources.<o:p></o:p></span></p>
<p class="MsoNormal"><i><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:black">Email correspondence to and from this address is subject to the North Carolina Public Records Law and may be disclosed to third parties.</span></i><span style="font-size:10.0pt;font-family:"Arial",sans-serif"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-bottom:12.0pt"><o:p> </o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
</body>
</html>