System Administrator, you define ultimateAppSuite users, and assign one or more responsibilities to each user.
Defining Application User Profile
Nota:
1.- An application user has a username and a password. SystemAdmin Rol define an initial password.
2.- When you define an application user, you assign to the user one or more responsibilities.
A responsibility provides a context in which a user operates. This context can include profile option values, navigation menus, available concurrent programs, and so on.
making Credentials
Nota:
You define userName and password.
Passwords are
Case Sensitivity.
defining resposibilities
Nota:
When you define a responsibility, you assign to it some or all of the components described below:
1.- Menu (Required)
2.- Data Group (Required)
3.- Function and Menu Exclusions (Optional)
User Session Limits
Nota:
Using the following profile options you can specify limits on user sessions.
Session Timeout
Predefined
responsibilities
Nota:
UltimateAppSuite products are installed with predefined responsibilities. SystemAdmin Rol is one of them.
RBAC Principles
Nota:
Rol Based Access Control
By using RBAC, administrators have more granular control in granting submission privileges to users.
Role security allows you to gather related grants into a collection.
OVERVIEW
Access control deals with the concept of who has access to what, whether the what is a system or a set of information, and the types of operations that can be executed.
User
Rol
Nota:
Since the role is a predefined collection of privileges that are grouped together, privileges are easier to assign to users, as in this example:
To alleviate the issue of overlapping roles, many designers create a hierarchy of roles, using roles within roles to exactly match the data access requirements to user groups.
Roles provide a means of assigning an organized collection of permissions to users.
Rather than having to assign each user his or her own set of permissions, roles can be used to greatly reduce the time and effort required to create the proper permissions for any given user.
In addition, if permissions need to be changed, a role can be easily modified and applied to all users to which it is assigned.
Default roles
Connect rol
Create Session
Grant security steps
Define roles
Nota:
Define roles for all know classes of users.
Define access rules
Nota:
Define access rules for each role.
Define restrictions
Nota:
Define all row-level and column-level restrictions.
Create vies
Nota:
Create views for all data access.
Assign views to roles
Nota:
Assign the views to the roles.
Assign roles to users
Nota:
Assign the roles to the users.
Loopholes
overlapping unplanned roles
Nota:
Overlapping unplanned access roles.
Assigning system privileges to roles.
Views
Nota:
Views represent an excellent mechanism for controlling access to data.
Views can limit access to only specified columns or rows within a single table or joined tables.
Views can also ease application maintenance, for example, if data is accessed via a view, the underlying table can change without requiring application changes.
others: Label Based Access Control
Nota:
The security classification system the government uses with labels such as CONFIDENTIAL, SECRET, or TOP SECRET is perhaps the most familiar example of label-based access control. The labels are assigned to data based on the sensitivity level of the information and access to the data labeled at a certain level (such as SECRET) is restricted to those users who have been granted that level of access or higher.
fist user logon
initial pass change process
Nota:
You allow a new user to sign-on to TheUltimateApp by defining an application user. An application user has a username and a password. systemAdmin Rol define an initial password, then the first time the application user signs on, they must enter a new (secret) password.
logon process
Nota:
During comparison, if the entered password does not match the decrypted version, then an error message is displayed.
Function security
Nota:
Function security s the mechanism by which user access to applications functionality is controlled.
Function Register
Nota:
Application developers register functions when they develop forms. A system administrator administers function security by creating responsibilities that include or exclude particular functions.