8. Admin Console

Users administrator permissions can manage DISQOVER’s general settings from the Admin Console, which is accessible through the main menu (). The Admin Console consists of several panels that are each discussed in this chapter:

• Users Panel (section 8.1)
• Groups Panel (section 8.2)
• Server Panel (section 8.3)
• Customizations Panel (section 8.4)
• System settings (section 8.5)
• User Views and Default Templates and (section 8.6)
• Security Events(section 8.7)
• Plugins (section 8.8)
• Event Actions (section 8.9)
• Machine to Machine (M2M) users (section 8.10)
• Tasks (section 8.11)

The permissions defined in the Groups panel define to which DISQOVER functionality a user has access. Users can therefor only see the panels if they have the necessary permissions.

8.1. Users Panel

The Users panel shows an overview of all users.

You can scroll through the list or use the search field in the bottom left corner to quickly find a specific user in the list based on a text search.

The panel contains the following columns. You can click the name of a column to sort the users by that property.

• Email : the email address of a user.
• Date created : date on which the user was created.
• Last login : date on which the user last logged in.
• License : the End User License Agreement (EULA) assigned to a user.
• Groups : Groups to which a user belongs. Groups determine the permissions and data visibility in DISQOVER for each user. (section 8.2).

By clicking the buttons on the top right of the Users panel, you edit the users:

• Add : adds users. A window pops up in which you can provide a comma/newline separated list of email addresses to be added to the system. If all email addresses are valid, an email will be sent to each user with instructions to activate their account and choose their password. A list of users will appear, which can be exported to csv. Optionally, “Generate passwords” can be selected to create users with a generated password. In this case no activation emails will be sent, but the displayed list of users will include their passwords in plaintext. This data is only generated once. If users lose their password they can request a new password by email (section 1.2).
• Disable : disables selected users. You can show or hide disabled users with the checkbox at the bottom of the panel.
• Remove : removes selected users.
• Change license : assigns a license type to a user. Different End User License Agreements (EULA’s) are provided in DISQOVER.
• Change groups : assigns selected users to one or more groups. Groups can be defined in the Groups Panel (section 8.2).

For each user, the following actions are possible by clicking the icon on the right in to the user table

• Reset password : Reset the password of a user. You will be prompted to enter a new password.
• Unlock account : Unlock the user if the account was locked due to an excessive number of failed logins.
• Open user logs : Access the security event logs for a user, see section 8.7 for more info.

Note

There are different states of user accounts that prevent users from logging in:

• Disabled users have no access to the platform. If you have the necessary permissions to edit the user list, you can disable and enable users from the Users panel. If the option “Show disabled users” is turned on, disabled users are shown in gray.
• Removed users permanently lose access to the platform. This action irreversibly removes the user from the user list. Please ensure all resources owned by this users (schedules, templates, ..) are removed before removing the useraccount. In case you want to keep these resoures, it is recommended to disable the user account instead of removing it.
• As a security measure, a user account becomes locked if a user has too many failed login attempts. That user can then no longer log in and receives an email with a link to reactivate the account. This status is not visible in the Users panel.

At the bottom, you can click “Group statistics” to see how many users are in the default user groups as defined in the contract with ONTOFORCE. These are “Admin users”, “Power users”, “Expert users” and “Consult users”. “Consult users” are users without special permissions (including users with only data restriction groups). If you use groups with custom permissions, there are counted as “Users with custom permissions”. See section 8.2 for more information on user groups.

Note

A system administrator can add a threshold setting for each default user group to the system configuration as described in the system administrator manual. A default event action (see section 8.9) is configured to send an email to the administrator if the number of users with a default user group exceeds the set threshold.

8.2. Groups Panel

With groups, you can easily grant application and data access to users. This way you can ensure that the right people have advanced rights within DISQOVER, and that data sources (and the information they provide), canonical types, instances, properties or facets are only seen by users with the correct access rights. On top of that, you can configure which default templates are visible to the different groups, so the users in that group see the templates made for them.

The Groups panel shows a list of all existing groups and is only visible for users with the permission to see groups. DISQOVER is preconfigured with three groups, “Admin users”, “Expert users” and “Power users”. Admin users can manage the DISQOVER platform and are allowed to perform a variety of administrative tasks in DISQOVER like managing the users and user groups, change permissions, adjust the settings of the platform etc. Export users can manage the data ingestion engine and do advanced customizations of the platform. Power users can configure and develop user views and global templates for dashboards to be used by other users.

8.2.1. Using groups

Groups can be added via the ‘+ Add’ button. A window pops up in which a new group can be created by entering a label and description. If you want to use the group for data restriction, you switch on the toggle and enter the identifier that is used to restrict data within the Data Ingestion Engine.

A new group has no permissions by default. You can add permissions by clicking the name of the group and checking the boxes of the operations that should be permitted to users in that group. Permissions have different criticality levels, that further restrict which users can edit which permissions. For example, a user needs the permission to “Granting or revoking permissions up to criticality level Medium” before he or she can give other users the permission to customize footer and logos. As long as there are no users assigned to a group, anyone with the permission “Editing and deleting user groups” can grant any permission with any criticality level to that group. However, he will not be able to assign that group to any user (including himself) if it grants a permission with criticality level higher than his granting level, as in the example above. If any user was already associated with the group, he will not be able to update the group permissions with a criticality above his granting level.

You can edit a group by clicking the pencil icon next to it (). To remove a group, you can click .

Users can be assigned to existing groups in the users panel (section 8.1). The resulting permissions for that user are the same as ‘OR’-ing the permissions of the contributing groups: if a permission is granted in any one of them, the user will have been granted that permission.

If the DISQOVER setup uses a single sign-on (SSO) access control system, a second list with SSO groups is visible. This list is automatically generated and updated based on the SSO data that is provided when an user logs in. When a new group is detected and added to this list, the administrator receives a notification by mail. It is also possible to predefine SSO groups, by specifying them as ‘external groups’ in the group edit screen. Multiple SSO groups can be associated per group.

As a data scientist or admin, you automatically have unrestricted access to all data in DISQOVER. The option ‘Debug user groups’ in the main menu () allows you to see the platform as members of the different groups or of a combination of groups would see it. If you enter this debug mode, select a group or a combination of groups and refresh the page, you can see the same data sources, canonical types, instances, properties and facets as other members of that group or combination of groups. However, when starting a data export while in debugging mode, the download only takes into consideration your actual rights as a data scientist and administrator and therefore contains all available data.

There are different places where Groups are used:

• Groups and their permissions to DISQOVER functionality are configured from the Groups panel.
• Data visibility of different groups is set in the Data Ingestion Engine (section 9): a data scientist defines which information is restricted to Groups.
• Templates are assigned to Groups in the Templates panel.

8.2.2. Permissions Overview

This is an overview of all permissions, their criticality and additional information. When a user performs an action that is covered by a permission, this can be logged as a “security event” (see section 8.7). The overview shows the name of the actions covered by the permission, and under which circumstances these actions appear in the security events.

• Permission : Accessing the list of users
  • Security event tag : Users > Read
  • Criticality : Medium
  • Logging : only logged if denied
  • More info : A user needs this permission to access the Users Panel.
• Permission : Changing the user groups to which a user belongs
  • Security event tag : Users > Change User Groups
  • Criticality : Medium
  • Logging : only logged if denied
  • More info : This is irrespective of the Grant permissions. When trying to add/remove a group from a user, the grant permissions will also come into play, as described above.
• Permission : Editing and deleting users
  • Security event tag : Users > Write
  • Criticality : High
  • Logging : always logged
  • More info : This permission covers changing licenses, enabling, disabling and removing users.
• Permission : Accessing the user groups
  • Security event tag : Groups > Read
  • Criticality : Medium
  • Logging : only logged if denied
  • More info : A user needs this permission to access Groups panel.
• Permission : Editing and deleting user groups
  • Security event tag : Groups > Write
  • Criticality : Medium
  • Logging : only logged if denied
  • More info : Changing name/description etc with the edit tab, as well as changing permissions or deleting the group. Even if a user has this permission, he will not be able to delete the group if there are still users attached to that group.
• Permission : Granting or revoking permissions up to criticality level Low
  • Security event tag : Groups > Grant level Low
  • Criticality : High
  • Logging : always logged
  • More info : See description above.
• Permission : Granting or revoking permissions up to criticality level Medium
  • Security event tag : Groups > Grant level Medium
  • Criticality : High
  • Logging : always logged
  • More info : See description above.
• Permission : Granting or revoking permissions up to criticality level High
  • Security event tag : Groups > Grant level High
  • Criticality : High
  • Logging : always logged
  • More info : See description above.
• Permission : Accessing and editing system settings
  • Security event tag : System settings > Admin system settings
  • Criticality : High
  • Logging : always logged
  • More info : Setting timeouts, federation values etc.
• Permission : Customizing the footer, logos or the color scheme
  • Security event tag : System settings > Admin customizations
  • Criticality : Medium
  • Logging : only logged if denied
• Permission : Use advanced documentation
  • Security event tag : System settings > Use advanced documentation
  • Criticality : Low
  • Logging : never
  • More info : a user with this permission can access the advanced documentation (which includes the descriptions of the Admin Console and Data Ingestion Engine) when clicking the information button.
• Permission : Clearing the cache
  • Security event tag : Server > Clear cache
  • Criticality : Medium
  • Logging : only logged if denied
• Permission : Seeing the status of all components
  • Security event tag : Server > Sanity check
  • Criticality : Medium
  • Logging : only logged if denied
  • More info : Allows access to the screen with an overview of the server status
• Permission : Managing jobs (such as ongoing downloads) of any user
  • Security event tag : Server > Admin jobs
  • Criticality : High
  • Logging : never
  • More info : allows an API user to retrieve, restart or delete another user’s jobs.
• Permission : Browsing security events
  • Security event tag : Server > Security events
  • Criticality : High
  • Logging : only logged if denied
  • More info : A user needs this permission to access the Security Events panel
• Permission : Accessing the data tools
  • Security event tag : Data > View
  • Criticality : Medium
  • Logging : only logged if denied
  • More info : Being able to access the Data Ingestion Engine, see the run reports etc. To change or run pipelines, a user needs another permission is needed on top of this one.
• Permission : Editing and deleting pipelines
  • Security event tag : Data > Admin
  • Criticality : Medium
  • Logging : only logged if denied
• Permission : Running pipelines
  • Security event tag : Data > Run pipelines
  • Criticality : Medium
  • Logging : only logged if denied
• Permission : Subscribing to published RDS data
  • Security event tag : Data > Subscribing RDS
  • Criticality : Medium
  • Logging : only logged if denied
  • More info : see section 10.2.
• Permission : Simulating user group membership
  • Security event tag : Data > Simulate user groups
  • Criticality : Medium
  • Logging : only logged if denied
  • More info : Allows a user to validate data visibility by simulating different group memberships.
• Permission : Customizing user views
  • Security event tag : End user features > Admin user views
  • Criticality : Low
  • Logging : never
• Permission : Creating and editing global templates, and setting system default templates
  • Security event tag : End user features > Admin templates
  • Criticality : Medium
  • Logging : only logged if denied
• Permission : Creating advanced widgets
  • Security event tag : End user features > Advanced widgets
  • Criticality : Medium
  • Logging : only logged if denied
• Permission : Managing common collections
  • Security event tag : End user features > Manage common collections
  • Criticality : Medium
  • Logging : only logged if denied
  • More info : See section 7
• Permission : Editing the items of a managed collection
  • Security event tag : End user features > Update managed collections
  • Criticality : Medium
  • Logging : only logged if denied
  • More info : Please refer to section 7 for an in-depth discussion.
• Permission : Managing any collection
  • Security event tag : End user features > Manage any collection
  • Criticality : High
  • Logging : always
  • More info : Please refer to section 7 for an in-depth discussion.

8.3. Server Panel

The server panel provides a brief overview of the settings of the current DISQOVER setup.

8.3.1. Server information

• Version : DISQOVER version (e.g., 6.20).
• Last update of data : the date of the last data update.
• Federated : whether or not DISQOVER is in federated mode (yes/no).
• Can sign up : whether users can sign up (yes/no).
• Allow sharing : whether discoveries can be shared (yes/no).
• Session timeout : the time that a session is kept alive.

8.3.2. System Resets

By clicking the buttons, you can clear the cache and the DISQOVER data processing queue. You can also manually trigger a “DISQOVER data updated” event.

8.3.3. Server status

In this section, you can check the status of the individual components needed to make DISQOVER operational.

8.4. Customizations Panel

The customizations panel provides a way to customize your DISQOVER installation.

8.4.1. Style

• Application name : the name of the application.
• Logo : the image that is shown in the logo widget on the search page.
• In-house canonical type icon : the image shown next to in-house canonical types.
• Primary and secondary colors : the two main colors in DISQOVER, which you can customize using a color picker.

8.4.2. Advanced options

• Rename In-house : in federated installs some canonical types are coming from your own data. By default these are named In-house.
• Support Link : this allows you to add a custom support link in the header.
• Units System : whether the Imperial or Metric system is used to show distances, for example on maps widgets.
• Search page template : whether the standard default template, containing a search bar and all visible canonical types, is available.
• Show help box : the option to show or hide the help tab () in the main header, from which users can access the manual or send feedback.

8.4.3. Footer

You can add text or links to the login and search page. The “content” field contains the displayed text, the optional “url” field contains the link. You can add new items or remove existing ones.

8.4.4. Tracking

• Cookies : You can enable a cookie banner. When enabling the cookie banner, additional scripts will no be loaded until the end-user accepts analytical cookies.
• Script Url : You can add multiple tracking scripts using the “script url” field. For example, if you use hubspot you can enter “//js.hs-scripts.com/12345678.js”.

To apply changes made to this panel, click “save”. Some changes are only visible after a page refresh. To revert all changes, you can click the “Reset to default” button.

Note

Markdown fields have two modes, “Write” and “View”. In “Write” mode you can type any markdown syntax. Some examples of markdown are:

• # Level 1 header
• ## Level 2 header
• __Bold text__ : to add emphasis to a phrase.
• Add two spaces to the end of a line for a line break.

At any point you can see an example of the formatted text by clicking the “View” button.

8.5. System Settings Panel

System settings allow you to adjust several settings.

8.5.1. General

• Session Timeout : the maximum idle time of a session.
• Enable Sharing Dashboards : the option to share dashboards.
• Enable Semantic Permanent URLs : makes it possible to use semantic permanent URLs on the server. Additional configuration is required (see the System Administrator Manual).

8.5.2. Federation

• Federation Host : the server hosting the federation data.
• Federation Username : the username used to log in to the federation server.
• Federation Password : the password used to log in to the federation server.
• Temporarily Disable Federation : the option to enable or disable federation

8.5.3. Email Settings

• Feedback Destination Email Address
• Sender Email Address
• Problem Notification Email Address
• SMTP Host
• SMTP Host Domain
• SMTP Host Port
• SMTP Host User
• SMTP Host Password
• SMTP Use SSL
• SMTP Authentication Type

8.5.4. Access Tokens

• Mapbox Access Token : the credentials to use Mapbox [1] for geographical widgets.
• Mapbox Style URL : the Mapbox [1] style used for geographical widgets.

8.5.5. Exports

• Storage Time : the duration (hours) the exported files are stored.
• Max Size : the maximum file size (Mb) of the exported files.
• Min Remaining Space : the minimum remaining disk space (Mb) when files can be exported.
• Max Job Runtime : after what time a job is considered as running too long for. Jobs running longer than this time limit are stopped.

8.5.6. Server Uploads

• Storage Time : the duration (hours) the uploaded files are stored.
• Max Size : the maximum file size (Mb) of the uploaded files.

8.5.7. Solr

• Solr Endpoint URL: Endpoint URL of Solr or SolrCloud to query the data. Format: http://<hostname>:<port>/solr/<collection_name>

8.5.8. Data Limits

• Maximum Instance Facet Values : the maximum number of facet values for an instance.
• Maximum Number of Links : the maximum number of instances from which links can be followed.

8.5.9. General SAML Settings

• Use Single Sign On : If turned on, GUI users will be using SSO for authentication

8.5.10. IdP SAML Settings

• IdP metadata url : The URL on the IdP where the metadata for the IdP can be found
• IdP entity id : The IdP entity id sent along in messages from IdP to SP
• IdP endpoint for single sign on (sso) : The login endpoint on the IdP
• IdP endpoint binding for single sign on (sso) : The HTTP binding to use
• IdP signing certificate public key : The public certificate used by the IdP for signing the response. (Fingerprints are deprecated)
• IdP encrypting certificate public key : The public certificate used by the IdP for encrypting the response. (Optional)

8.5.11. SP (Disqover) SAML Settings

• SP Entity id : An identifier provided by the IdP to identify the SP
• SP Assertion Consumer Service URL : The endpoint on your installation for incoming IdP SAML messages
• DISQOVER Asertion Consumer Service Binding : The HTTP binding to use
• SP Default landing page URL : The default landing page to go to after login
• SAMLResponse user email attribute name : The attribute name in the SAML Response to use as the identifying email for a user
• SAMLResponse group attribute name : The attribute name in the SAML Response to use as the group variable (Optional)

8.6. User Views and Default Templates Panel

User views define which templates are available and set as default. They do not restrict access to the data, but rather allow users to choose what they want to see. This allows to customize the layout of DISQOVER to different user audiences.

User views that are attached to groups, are only available for that group. User views with no attached groups are visible to everyone.

When accessing DISQOVER, users then see a dropdown which allows them to choose from the user views that are available to them. The order of user views within the panel is the order in which they are shown in the drop-down.

This panel also provides a way to set system wide default templates for canonical types. A user view is a collection of default templates that can be attached to groups.

First you add a user view by clicking “+ Add”. In the pop-up, you can provide a name and description, and optionally which groups can see this user view.

The second pop-up allows you to choose which templates are available for this user view, and which template is set as the system default. You can do this for the search page and the dashboard, instance list and instance details of each canonical type.

8.7. Security Events Panel

Security events in DISQOVER are logged and shown as a separate tab. See section 8.2.2 for a list of permissions and an explanation on when and how the corresponding security events are logged.

The list of logged security events shows:

• The name of the user that attempted them.
• Which operation that user tried to perform.
• Whether or not the user had the necessary permission to perform the action.
• A time stamp.
• The criticality of the operation.

You can filter by event type or criticality, and sort the table by clicking its headers.

8.8. Plugins Panel

A user with ‘Managing plugins’ permission can see which plugins are installed in the ‘Plugins’ tab of the Admin-panel. For each plugin it shows

• name
• description
• plugin-type
• status

The status can be

• Unavailable: the plugin container is not reachable.
• Unknown: the plugin is reachable but validation result is unknown.
• With errors: the plugin is not usable because there were validation errors.
• With warnings: the plugin is usable but there were validation warnings.
• Valid: the plugin is usable, validation succeeded without errors or warnings.

There is also a button to remove a plugin. Technical note: this only disables the plugin and removes its global options. If you restart DISQOVER and the plugin is reachable it will be back in the list.

Click on the name of a plugin to show plugin details. You can see the warnings and/or errors caused by the plugin validation, if any.

You can also configure global plugin options here. And for Event Processor plugins it is possible to add schedules.

More information about plugins can be found in the System Administrator Manual.

8.9. Event Actions

Event actions are automated actions in DISQOVER triggered by an event. For example: sending an email when a pipeline run has succeeded, sending email notifications of a watched dashboard change, doing a HTTP call when a plugin has run,…

In the Event Actions tab, you see an overview of all configured event actions. Clicking on an event action, opens its details. You can add event actions by clicking “ Add” and delete them by clicking .

The details contain the name of an event action, and configuration options:

• Event: the DISQOVER event that triggers the action. Some events contain additional options, such as a custom message to display in the DISQOVER notifications () when this event occurred.
• Action: the action that should start after the event. After choosing an action, you can edit the options to each action. For example the details of a HTTP request.
• Email: send an email
• HTTP: perform a HTTP request
• Plugin: run a plugin of the type event-handler. The options will be the ones configured by the creator of the plugin.
• Task: perform a DISQOVER system task.
• Schedule: here you can choose whether the action immediately follows the event or only at a certain time. For example, the email notification can be sent immediately after a data update, or at most daily (then grouping all notifications).

With event actions, you can for example implement the following automations:

Sending an email after a watched dashboard update

This automation sends an email (with HTML formatting) to an owner of a watched dashboard if the watched dashboard has changed. The email contains a link to the dashboard.

• Event: Watched dashboard changed
• Dashboard name should be left empty
• Custom message: <div style=”color:#14B9D6; font-family: “Lato”, sans-serif; font-size: 16px;text-align: left;”><li><a href=”$dashboard_url”>$dashboard_name</a> </li></div>
• Action: Email
• Footer: </ul><br><br><p style=”text-align:center;”><img src=”https://www.disqover.com/img/logo.png” width=”10%”/><div style=”color:#5E6D81; font-family: “Lato”, sans-serif; font-size: 10px;text-align: center;”><i>If you do not want to receive these e-mails, please stop watching or delete your watched dashboard(s).</i></div></p>
• Header: <div style=”width: 100%; color:#5E6D81; font-family: “Lato”, sans-serif;font-size: 16px; text-align: left;”>There have been changes to your watched dashboard(s):</div><ul>
• Override default e-mail recipient(s) should be left empty. By default the email will be sent to the owner of the watched dashboard.
• Email subject: DISQOVER watched dashboard change
• Trigger notifications immediately

Sending a Slack message when a new SSO user signs up

This automation sends a message to a Slack channel when a new user accesses DISQOVER via SSO.

• Event: User was added by SSO
• Custom message: ‘{“text”: “User $email was added by SSO”}’
• Action: HTTP
• Username and password authentication should be left empty in this case
• Additional HTTP headers: {“Content-Type”: “application/json”}
• HTTP method: POST
• HTTP timeout can be left empty
• URL is an url of the form https://hooks.slack.com/services/XYZ that can be created according to Slack’s instructions for webhooks (https://api.slack.com)
• Trigger notifications immediately

Starting another pipeline when a pipeline execution is finished

This automation starts a pipeline run in DISQOVER when a pipeline execution is finished.

• Event: Pipeline run finished

• Filters:

  ‘Pipeline Name’: name of the pipeline that triggers the event. If there are multiple pipelines with the same name, please use the ‘Pipeline guid’. ‘Status’ field can be set to - ‘Completed with success’ to only trigger the action on pipeline runs that finished with success or with warnings - ‘Error’ to only trigger the action if the pipeline run encountered one or more errors - ‘Unexpected error’ to only trigger the action if the pipeline run encountered unexpected errors and did not run to completion (e.g. a failure to start due to a full disk situation).

• Action: Task

• Task: Execution Data Ingestion Pipeline

• pipeline_guid: The pipeline guid of the pipeline to execute

• Trigger notifications immediately

  If you want to trigger the next pipeline run independently of the status of the first pipeline execution, you can leave the ‘Status’ field empty. If you want to trigger the pipeline on multiple ‘Status’ values, please create a separate Event Action for each status.

8.10. M2M Panel

The M2M panel shows an overview of all machine to machine users. Machine to machine users can be created or removed but cannot be changed after creation. It is strongly encouraged to use machine to machine users for scripts and automation. All machine to machine users have a limited lifetime that is defined upon creation and cannot be prolonged afterwards.

By clicking the buttons on the top right of the M2M panel, you can add or remove users:

• Add : adds a machine to machine user. A window pops up in which you can provide a user id and a lifetime for the user and the the groups to which the user will belong. If the user is created, the used id and access key is displayed, which can be exported to csv. The access key cannot be retrieved any other way, if the access key is lost a new M2M user must be created.
• Remove : removes selected machine to machine users.

The M2M users can be used by adding the following headers in requests to the DISQOVER API

'x-machine-id': <id>
'x-access-key': <access_key>

For more information about the usage of machine to machine users can be found in the API documentation, or contact support in case of questions.

8.11. Tasks

You can find an overview of all running and finished tasks in DISQOVER in the task overview table. You can use the task overview to check running tasks or to inspect finished / failed tasks details and results.

The list of tasks shows:

• The type of task that is executed / executing.
• The status of the task
• The owner of the task (which will be :system_account: for tasks that are created automatically by DISQOVER)
• The creation timestamp
• Which queue a task did run / is runnning (for debugging purposes)

You can filter by task type, and sort the table by clicking its headers. You can refresh the table by clicking the refresh button in the right corner of the table.

When you click on a task, you see some additional information (e.g. end time, additional task options, …) and (if relevant for the task) the task results.

[1]

(1, 2) Copyright (c) 2020, Mapbox All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. Neither the name of Mapbox GL JS nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS “AS IS” AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.