The Access Control view is an administrative area used to view and configure security settings for remote Server access, including LDAP integration.
- Project installation (using the Projects view)
- Business Process launch (using the Business Process view)
- Server suspend and resume (using the Server Environment toolbar)
- Log data access and reprocessing (using the Auditor view)
- User settings, permissions management, password reset (using the Access Control view)
- Resource management: Start/Stop File Monitors, Web Services (using the Resource Monitors view)
- Licensing (using the Main menu)
A user represents anyone who can possibly interact with a remote Server in some manner. For example, an advanced user may have full access; they could install deployed Projects, or suspend a server. A basic user, however, may have very limited or read-only access to specific functionality, such as the ability to view logs from the Auditor.
Access Control allows you to create and define different users with different functional role-based permissions. The combination of user and role form a user profile. Three pre-configured user profiles are also provided. These users profiles may be enough to provide the server security you require; however additional users with different roles and permissions can be created and configured. These user profiles can also be edited and deleted, with the exception of ebiadmin.
This tab provides these two areas: Users and User Details.
Users: Users are displayed and can be selected from this area. Only users with a specific Access Control permission (Add/Modify/Delete Users, Roles, and LDAP Profiles) canview, add and remove users.
User Details (including Roles): This area displays information for a selected user including User ID and Name, as well as any assigned roles. Users can be assigned roles, which have different permissions. Only users with a specific Access Control permission (Add/Modify/Delete Users, Roles, and LDAP Profiles) can add or remove roles.
The Roles section of User Details display the role(s) assigned to the selected user. Roles define which permissions are granted to specific users. Role assignments and user accounts authenticate and authorize Access Control in Clarify.
Use the Change/Reset Password button to manage passwords. All users can change their own passwords, but only users with a specific Access Control permission (Add/Modify/Delete Users, Roles, and LDAP Profiles) can reset other user passwords.
Roles describe the relationship between a user and its assigned permissions. For example, the role of SuperUser, shown here, contains many permissions, displayed in the center column. Furthermore, this role has been assigned to the User ID: ebisuper, thereby giving that user all of the role's permissions.
This tab provides these two areas: Roles and Role Details.
Roles: From this area roles can be displayed and selected, which then reflect in the Role Details area. For example, to see the permissions and users assigned to a particular role, then you must select the role in this area. Only users with a specific Access Control permission (Add/Modify/Delete Users, Roles, and LDAP Profiles) can can add and remove roles. In fact, as a user without this permission, only the roles assigned to you are displayed.
Role Details: From this area, a user with Access Control permission (Add/Modify/Delete Users, Roles, and LDAP Profiles) can view, add and remove a role's permissions, and assign a role to a user.
Access Control also provides LDAP integration support for two common authentication service providers: Active Directory and Apache DS. LDAP groups are mapped to Clarify roles, thereby integrating the two systems and providing additional authentication and authorization to Clarify. With successful LDAP integration in place, users can sign into Clarify using their network credentials, which will be directly mapped to their respective role/permission levels in Clarify. This is how single sign-on can be implemented with Access Control.
The tab provides two sections: LDAP Profiles and LDAP Profile Details.
LDAP Profile Details
This section contains these areas: Status, Configuration, and LDAP Group/Role Mappings.
|Status||Use this area to enable or disable (turn on, turn off) the selected LDAP profile.|
|Configuration||Use this area to configure the LDAP integration; this is done by providing and saving LDAP Server connection information, along with validation of the server connection.|
|LDAP Group/ Role Mappings||Map groups from the LDAP server to the roles in Clarify. This relationship allows for true integration between Clarify and your LDAP system.|
For more information, please see LDAP Integration.