Privacy File

From PGVWiki
Jump to navigation Jump to search

PhpGedView has a wide range of privacy settings. Most of them are configured in the "Privacy file", some in Access and Privacy settings in the Gedcom configuration, and some in the Gedcom data using the Restriction tag. The Gedcom Privacy configuration screen is divided into sections.

Many settings (like e.g. Show Sources) have the same Show to? selection of options in a drop down menu:

  • Show to public
  • Show only to authenticated users
  • Show only to admin users
  • Hide even from admin users

Please remember to press the Save configuration button after your changes.

General Privacy Settings

You can have different Privacy settings for each GEDCOM on your PhpGedView web site. Check under the page title whether you are editing the correct GEDCOM.

You can override these general settings by using the other sections (Privacy Settings by ID, User Privacy Settings, Global Privacy Settings and Facts Privacy Settings by ID) on this configuration page.

Show Dead People

Set the privacy access level for all dead people. Default is Show to public.

Show Living Names

Should the names of living people be shown to the public? Default is Show only to authenticated users.

This sets $SHOW_LIVING_NAMES in xxx.GED_priv.php.

Show Sources

Set the privacy access level for all Sources. If the user does not have access to Sources, the Source list will be removed from the Lists menu and the Sources tab will not be shown on the Individual Details page. Default is Show to public, recommended value is Show only to authenticated users.

Enable Clippings Cart

The clippings cart allows users to add people to a temporary file that they can download in GEDCOM format for subsequent import into their genealogy software. Default is Show to public, recommended value is Show only to authenticated users.

Show Research Assistant

What type of user can view the Research Assistant module if it is installed? Default is Show only to authenticated users.

This sets $SHOW_RESEARCH_ASSISTANT in xxx.GED_priv.php.

Show Multi-Site Search

Multi-site search allows users to search across multiple PhpGedView websites which you have setup in the Manage Sites administration area or remotely linked to. This option controls whether the Multi-site Search feature is available to everyone or only to authenticated users. Default is Show only to admin users.

Limit Privacy By Age of Event

The Limit Privacy by age of event setting will hide the details of people based on how old they were at specific events regardless of whether they are dead or alive.

Use this setting along with the Age at which to assume a person is dead setting. For example, if you made the Age setting 100 and set this option to Yes, all persons, alive or dead, born less than 100 years ago would be set to private. People who were married less than 85 years ago and people who died less than 75 years ago would also be marked as private. Please note that using this option will slow down your performance somewhat.

This sets $PRIVACY_BY_YEAR in xxx.GED_priv.php.

Use GEDCOM (RESN) Privacy Restriction

The GEDCOM 5.5.1 specification includes the option of using RESN tags to set Privacy options for people and facts in the GEDCOM file. Enabling this option will tell the program to look for level 1 RESN tags in GEDCOM records. It means that it will honor restrictions for all data for Individual and Family if such restrictions are found in the Gedcom file. See details on setting a Restriction.

Level 2 and higher RESN tags are always applied and will not be affected by this setting. This means that restrictions on Facts, Events for people and families are always honored by PGV.

Note that this might slow down some of the functions of PhpGedView such as the Individual list.

Use Relationship Privacy

No means that authenticated users can see the details of all living people. Yes means that users can only see the private information of living people they are related to.

This sets $USE_RELATIONSHIP_PRIVACY in xxx.GED_priv.php.

Max. Relationship Path Length

If Use relationship privacy is enabled, logged in users will only be able to see or edit individuals within up to this maximum number of relationship steps. Each user account has its own relationship privacy access level setting, which can not be set in excess of this master setting.

This sets $MAX_RELATION_PATH_LENGTH in xxx.GED_priv.php.

Check Marriage Relations

Check relationships that are related by marriage.

This sets $CHECK_MARRIAGE_RELATIONS in xxx.GED_priv.p

Age at which to Assume a Person is Dead

If this person has any events other than Death, Burial, or Cremation more recent than this number of years, he is considered to be "alive". Children's birth dates are considered to be such events for this purpose.

Privacy Settings by ID

These settings allow administrators to override default privacy settings for a particular object:

  • An Individual
  • A Family
  • A Source
  • A Multimedia Object

The override can either increase or decrease access to his object, compared to default setting in the General section.

Suppose for example you have a child who died in infancy. Normally because the child is dead, its details would be shown to public users. However, you and everyone else in your family are still private. You don't want to remove the death record for the child but you want to hide the details and make them private. If this child had the ID of I100 you should enter the following privacy settings: ID: I100 Show to: Show only to authenticated users

This works the other way as well. If you wanted to make public the details of someone (ID 101) who you know to be dead but don't have a death date for, you could add the following: ID: I101 Show to: Show to public

You can add as many such restrictions as you want.

This sets $person_privacy in xxx.GED_priv.php.

User Privacy Settings

These settings allow administrators to override default privacy settings for a particular object:

  • An Individual
  • A Family
  • A Source
  • A Multimedia Object

- not for everyone but only for a particular User. This setting can be used to both decrease and increase access to the object, it could for example be used to allow the user to see an otherwise restricted object.

You can use any "Show to?" option, but they don't have their usual meanings: Show to public and Show only to authenticated users permit the user to see the object, while Show only to admin users and Hide even from admin users restrict the access to the object for this user.

Suppose you don't want the user "John" to be able to see any details of an individual with ID I100 in the GEDCOM, you could configure it like this:

Username: John
ID: I100
Show?: "Show only to admin users"

and details for the specified individual would be hidden for the user "John" only.

To show the details of I101 (which usually would be hidden because I101 is still alive) to user "John" set:

Username: John
ID: I101
Show?: "Show only to authenticated users"

This sets $user_privacy in xxx.GED_priv.php.

Global Fact Privacy Settings

This feature is meant to hide certain facts, identified by GEDCOM tags, for all individuals alive or dead. By default the SSN tag is hidden to public users. This is to prevent people from stealing social security numbers and committing identity theft of dead persons. This is probably mostly relevant for the USA.

The following fields should be selected:

Name of fact
A list displays the Gedcom Tags and corresponding names: select the one that should be hidden.
Choice
The Choice element specifies the fact itself or related details. If you select "Show fact details" to limit the restriction to details only, or "Show fact" to restrict fact and its details
Show to ?
Allows you to select the restriction level (see the list of levels at the beginnig of the article)

Rules and limits

All tags can be restricted
This means that not only Facts and Events, but all possible tags - the "Name of fact" combo box lists all tags available for restriction. For example you can restrict Repository (REPO) tag, which is used in Sources, hiding all repository references or Media Object (OBJ) tag, hiding all media references, or File Name (FILE) tag, hiding the file names in all Media Objects, etc.
Only Display is affected
You can hide only the display of the Tag on the object main screen (for example you can prevent displaying "Occupation" on the person's screen). All other occurences of this tag will still be visible, in particular in the "Raw Gedcom" view (Note: this may be abug - see Known Problems/Bugs). If you want to restrict a tag from some group of users, you need to restrict the view of the Raw Gedcom Record from the same group.
Events such as Marriage, which have their own display, are not affected. Restricting the Marriage tag only hides the fact of marriage from the Individual display, not the Family created by this Marriage. The example given in the Help will in fact not hide all marriages.
Only level 1 facts will be effected
This means that only the Tags applicable to Top Level Records can be restricted this way. For example, if you restrict the Address (ADDR) fact, addresses in Individual record will be restricted, while addresses in Residence (RESI) fact will not. To hide person's and family addresses you need to set restrictions on both ADDR and RESI tags. Check the appropriate Gedcom structure to see what will be restricted.
Hiding the event also hides its details
If you use "Show fact" in the Choice field for a restriction, you will restrict displaying the fact and its details. If you use "Show fact details" you will allow the display of the fact but not its details
Hiding fact details does not hide it from editing
Limiting the "Show fact details" to Administrators only does not hide the details from Editors if they open the editing screen.

In general, if you use this feature to restrict some details, it is recommended that you thoroughly test the results to make sure that the consequences of the settings match your intent.

This sets $global_facts in xxx.GED_priv.php.

Facts Privacy Settings by ID

This is an extension of the previous type, Global Fact Privacy Settings. While the former restricts all occurences of a specific Fact, here you can restrict the visibility of this Fact (or Tag) in a selected (by ID) object: Individual, Family or Source.

The first element is the ID of the person (family or source), the second element is the fact (fact type). The Choice element specifies the fact itself or related details. The Show to? element determines at what access level the fact is shown.

You could, for example, hide the Marriage record for a specific Individual, or a Media Object for a specific Source, or even a File name in a specific Multimedia Object.

This sets $person_facts in xxx.GED_priv.php.


Known Problems/Bugs

This section needs to be reviewed / corrected by knowledgeable developers.

Version 4.1

  • Global Fact privacy Settings and Fact Privacy Settings by ID remove the Tags from display, but not from Raw Gedcom view. If viewing the Raw Gedcom is enabled, the Tag, even if restricted in this setting, may still be visible. This problem has been fixed in version 4.1.4 - the tags are removed both from display and from raw Gedcom