Kbase P26807: How do I define AdminServer security?
| Autor |
Progress Software Corporation - Progress |
| Acesso |
Público |
| Publicação |
02/10/2009 |
|
Status: Unverified
GOAL:
How do I define AdminServer security when installing 9.1D or later.
GOAL:
Can I define AdminServer security for individual users?
GOAL:
Can I define AdminServer security for Group access?
FIX:
Progress Versions 9.1D and later have optional functionality that allows access to the AdminServer based on a user's membership in a group that has the appropriate privileges to perform AdminServer operations.
Checking a user's group membership consists of the following two processes:
1. Authentication - Determines the user is valid by requiring username and password. This functionality exists prior to Progress Version 9.1D.
2. Authorization - Once authenticated, determines whether you can or cannot use the AdminServer.
During the Progress installation, administrators are asked if they want to enable user authorization:
If the administrator chooses not to use authorization, the AdminServer functionality works as it did in Progress Version 9.1C. That is, there is no group checking and no authorization of users.
When you install the AdminServer, by default, it is started using a default account called LocalSystem. The AdminServer Authorization dialog box also has a username and password option, that, if selected, changes the LocalSystem to a specific username and password.
If the administrator chooses to use authorization, the installation prompts for the name of the group or list of groups. The default group is PSCAdmin. The AdminServer is then going to require authorization and authentication for all operations it performs, including startup and shutdown.
Groups are set up in the operating system, outside of the Progress environment. The administrator can also set up groups in a minimal fashion (locally only) during the Progress install. It is up to the administrator to determine who belongs in which particular group.
If a user attempts to perform an operation and does not belong to a group with that privilege, they receive an error stating that they are not authorized to perform that operation and will be referred to the system administrator for assistance.