The Database used by Gradphile is based on a download of data from the FSU Grad School Graduate Student Tracking database. In Biology, the Gradbeta database is stored on a separate secure server which can only be accessed from within the King Life Sciences building network by the Graduate Office (the graduate director, coordinator, and associate). it is protected by the King firewall from outside access.
The Gradbeta site is generated on the secure server and then uploaded to the bio.fsu.edu server for student and faculty access. Although some portions of the site are publicly accessible (e.g. the handbook), most pages can only be accessed by faculty or students. Users are authenticated by the FSU central authentication server (CAS), aka Blackboard/fsuid login, which verifies identity without Gradbeta needing to see the user’s password. Using the fsuid system also makes it easy for outside committee members to login to their student’s page.
Individual student pages are only accessible to the student and their committee. A custom server-side security program, Cassowary, mediates between the FSU CAS and Gradbeta to restrict page access based on user fsuid. The Cassowary system interfaces with the Apache server to restrict access based on user identity and the category of that user.
Note that Gradphile is a "read-only" system. Any changes to the student or faculty data on the Gradphile site is accomplished via GST, through the established Grad School access process, or by changes in the Gradphile configuation pages on the build server. So no "write" permissions are required or implemented.
See the "Forms" module for more information on access to online forms.
Gradphile permissions for viewing of web pages by users fall into 6 categories of increasing stringency.
These pages are accessible by anyone without restriction. They are limited to public information pages (eg the "Contact Us" page) and the login page.
Pages can be limited to only being viewed by FSU CAS-authenticated users. These pages would be public, but only within the university community. For example, Biology has an "Awards and Scholarships" module that displays pages describing undergraduate and graduate scholarships, and allows any FSU-authenticated user to apply for scholarships.
A graduate student can see their own progress page and their own archived form documents (Declaration of Major Professor(s) form, Program of Study form, Candidacy form, etc.). If the Support module is installed, then students can also see the list of upcoming courses and TA assignments for the department.
The list of students with access is automatically populated from the GST download, and permissions are automatically set on individual the individual Gradphile pages each time the site is re-built.
Individual faculty members can see their own page, which lists all their current graduate students and the supervisory committees on which the facutly member serves. They can also access the individual student pages and archived documents of these students (based on the assumption that the members of the supervisory committee have a legitimate educational interest in monitoring the progress of their students.) Links to alumni pages of the professor are also provided.
Faculty by default cannot see the individual pages and archived documents of any other students in the program.
Faculty can also see certain department-wide overview pages, and the alumni directory and graduate statistics pages.
The list of faculty and their students/committee memberships is automatically populated from the GST download, and permissions are automatically set on individual the individual Gradphile pages each time the site is re-built. NB: there is still some awkwardness to compiling outside faculty members from GST committees
Many departments, like Biology, have sub-areas or foci within their graduate program (eg, grads in Biology fall into one of 3 subareas: "cell and molecular biology", "ecology & evolutionary biology", and "neuroscience"). Faculty representatives who help administer the subareas of the departmental program can be given access to the student pages and documents of those grads within their own area.
Administrators can see all pages on the site, including all student and faculty pages, all archived documents, and all directories and summary statistics pages. This access is almost equivalent to having full GST viewing access (although Gradphile does not download and display all the data in GST: most importantly transcripts are not downloaded or displayed.) So the administrator role is typically limited to e.g. the graduate coordinator, the faculty director, and other advising staff.
Administrators and Area representatives are set in the Gradphile site configuration files of the build server.
These access permissions are default settings. One of the nicer features of the Cassowary system is that defining permissions for a single web page or subdirectory within the site, or conversing access for different groups of users, is as simple as editing a single line meta-directive in the page template.
Example Cassowary page setting for a student page, allowing student ("mnb11d") and committee access:
<meta name="cassowary-users" content="mnb11d thoupt lrinamin jfeng3 mestroupe cschatschneider">