Zusammenfassung der Ressource
ultimateApp RBAC
- systemUserAdmin Rol
Anmerkungen:
- System Administrator, you define ultimateAppSuite users, and assign one or more responsibilities to each user.
- Defining Application User Profile
Anmerkungen:
- 1.- An application user has a username and a password. SystemAdmin Rol define an initial password.
2.- When you define an application user, you assign to the user one or more responsibilities.
A responsibility provides a context in which a user operates. This context can include profile option values, navigation menus, available concurrent programs, and so on.
- making Credentials
Anmerkungen:
- You define userName and password.
Passwords are
Case Sensitivity.
- defining resposibilities
Anmerkungen:
- When you define a responsibility, you assign to it some or all of the components described below:
1.- Menu (Required)
2.- Data Group (Required)
3.- Function and Menu Exclusions (Optional)
- User Session Limits
Anmerkungen:
- Using the following profile options you can specify limits on user sessions.
- Session Timeout
- Predefined
responsibilities
Anmerkungen:
- UltimateAppSuite products are installed with predefined responsibilities. SystemAdmin Rol is one of them.
- RBAC Principles
Anmerkungen:
- Rol Based Access Control
By using RBAC, administrators have more granular control in granting submission privileges to users.
Role security allows you to gather related grants into a collection.
- OVERVIEW
Access control deals with the concept of who has access to what, whether the what is a system or a set of information, and the types of operations that can be executed.
- User
- Rol
Anmerkungen:
- Since the role is a predefined collection of privileges that are grouped together, privileges are easier to assign to users, as in this example:
- To alleviate the issue of overlapping roles, many designers create a hierarchy of roles, using roles within roles to exactly match the data access requirements to user groups.
- Roles provide a means of assigning an organized collection of permissions to users.
- Rather than having to assign each user his or her own set of permissions, roles can be used to greatly reduce the time and effort required to create the proper permissions for any given user.
- In addition, if permissions need to be changed, a role can be easily modified and applied to all users to which it is assigned.
- Default roles
- Connect rol
- Create Session
- Grant security steps
- Define roles
Anmerkungen:
- Define roles for all know classes of users.
- Define access rules
Anmerkungen:
- Define access rules for each role.
- Define restrictions
Anmerkungen:
- Define all row-level and column-level restrictions.
- Create vies
Anmerkungen:
- Create views for all data access.
- Assign views to roles
Anmerkungen:
- Assign the views to the roles.
- Assign roles to users
Anmerkungen:
- Assign the roles to the users.
- Loopholes
- overlapping unplanned roles
Anmerkungen:
- Overlapping unplanned access roles.
- Assigning system privileges to roles.
- Views
Anmerkungen:
- Views represent an excellent mechanism for controlling access to data.
Views can limit access to only specified columns or rows within a single table or joined tables.
Views can also ease application maintenance, for example, if data is accessed via a view, the underlying table can change without requiring application changes.
- others: Label Based Access Control
Anmerkungen:
- The security classification system the government uses with labels such as CONFIDENTIAL, SECRET, or TOP SECRET is perhaps the most familiar example of label-based access control. The labels are assigned to data based on the sensitivity level of the information and access to the data labeled at a certain level (such as SECRET) is restricted to those users who have been granted that level of access or higher.
- fist user logon
- initial pass change process
Anmerkungen:
- You allow a new user to sign-on to TheUltimateApp by defining an application user. An application user has a username and a password. systemAdmin Rol define an initial password, then the first time the application user signs on, they must enter a new (secret) password.
- logon process
Anmerkungen:
- During comparison, if the entered password does not match the decrypted version, then an error message is displayed.
- Function security
Anmerkungen:
- Function security s the mechanism by which user access to applications functionality is controlled.
- Function Register
Anmerkungen:
- Application developers register functions when they develop forms. A system administrator administers function security by creating responsibilities that include or exclude particular functions.