|Acrolinx Server||4.5, 4.6, 4.7, 5.0, 5.1, 5.2, 5.3, 5.4, 5.5, 5.3|
Scorecard and Resource Security
You can secure access to Scorecards and resources like images, data backups, and some reports by enabling a property in the core server properties. When this feature is enabled, Scorecards and resources are protected with an API token that gives anyone access for 1 hour. After that, anyone who wants to open an expired Scorecard link must sign in to Acrolinx to view Scorecards.
This is important to take into account when you send links to Scorecards in e-mails or chat messages. Suppose that someone tries to open your link 1 hour after you sent it. In this case, they'll be asked for their Acrolinx sign-in details before they can see the Scorecard. This will also happen if you try to send a Scorecard link without an API token appended to the URL.
After they've logged in, the server will also check to make sure that the person has the appropriate privilege to the view the Scorecard.
The following reports are protected by this API token:
The following developer and debugging resources are also protected by this key:
- The JSON-based Scorecard, which is used by web-based integrations.
- The raw text of the check request.
- The properties that were sent as part of the check request.
Granting Permanent Access to Scorecards and Resources
When this feature is enabled, anyone can open a Scorecard link up to an hour after it was generated. But what if writers need permanent access to their Scorecards? Luckily, anyone who as the privilege "Check documents" automatically gets the privilege "View Scorecards and reports" as well. In other words, if you can check your text, you'll always have permanent access to Scorecards and reports.
For anyone else who isn't lucky enough to have the "Check documents" privilege, you can still give them permanent access to Scorecards. Just give their user account a role that includes the privilege "View Scorecards and reports". You'll find this privilege in the "Checking and clients" section of any role.
Enabling Scorecard and Resource Security
You can enable this feature with the core server property privacy.secureReportDownloads .
This setting configures the server to append the Scorecard and other resource URLs with API tokens so the Scorecards expire after 1 hour.
It also means that you need the privilege "View Scorecards and reports" to open an expired Scorecard.
To enable Scorecard and resource security, follow these steps:
Open your overlay of the core server properties file.
You find the overlay for the core server properties file in the following location:
Add the following line:
You can always disable the feature later by removing the property again. You might disable this feature if you or your writers run into technical issues opening Scorecards. For example, if your organization uses a proxy server, the API tokens can occasionally get corrupted and the Scorecards won't open. If this happens to you, remove the property.
- Save your changes and restart the core server.