Lesson 6: Security
Server provides a security system that protects its resources from inappropriate access by users. In addition to controlling resource-level access, the security system can control access to certain fields or certain information based on the user's role or group level information.
As an alternative to the built-in security system, you can use an LDAP server for Logi Report Security. Logi Report provides interfaces to synchronize with a variety of LDAP servers as well as directly authenticate to an LDAP directory. Conversely, you can pass a Security token to Logi Report for authentication. Logi Report provides an interface for authentication.
This lesson contains the following tasks:
- Task 1: Create a New User
- Task 2: Enable Auditing for the User
- Task 3: Assign Permissions to the User, Group, or Role
To use Server, you must have a user account, which consists of a unique user name and a password. Server verifies your identity when you type your user name and your password and then log on. If your user account has been disabled or deleted, Server prevents you from accessing the web services that Server provides, in order to ensure that only valid users can access the resources that they have permission to see.
Server comes with two built-in user accounts, which are "admin" and "guest". You cannot delete the built-in user accounts. The "admin" user account can neither be deleted nor disabled.
To create a user account:
- In the Server Console, point to Administration on the system toolbar, and then select Security > User from the drop-down menu.
- In the User page, select the New User link.
- Complete the New User dialog box with any user information you would like to use and select OK to create the user.
Although it doesn't matter for this lesson, the Publish privilege is an important aspect of user definition. You can either grant or deny users the ability to publish resources to Server using this check box.
- Server lists the newly-created user in the user table.
You can group users. Often a set of users require the same security privileges, that is, everyone in the Sales organization can view the Sales reports. By creating a named group, you can efficiently manage the security of a set of users. This saves a lot of time when setting permissions. By setting permissions to the Sales group, you don't need to change anything when you delete or add users into the sales organization. Roles are very similar to groups. You can assign users to groups and assign groups to roles, and then apply permission just to the roles.
You can also assign roles to users. Roles help you efficiently manage the user rights and permissions that are required to perform operations on resources. Assigning one or more roles to users gives the users all of the user rights and permissions the roles have to perform their jobs with. You can also assign a role to other groups or roles, and hence the groups or roles inherit the resource and folder permissions that the roles have. Server comes with two built-in roles, which are "administrators" and "everyone". You cannot delete the built-in roles.
Server can record user access and management information in the log files by auditing the user.
To audit the user:
- In the User page, locate the user you want to audit from the user table, then select the corresponding Auditing link in the Control column.
- In the Auditing dialog box, select the OK button to accept the supplied defaults.
Server records the events in the log file.
Permissions, associated with resources and folders which locate in the public folders, are the rules that are granted to users, groups, and roles to control their access to resources and folders. The permissions include: Visible, Read, Write, Execute, Edit, Schedule, Delete, Grant, and Update Status.
After you set permissions on a parent folder, new resources and sub folders created in the folder inherit these permissions. If you do not want them to inherit permissions, you can also set their permissions separately.
To set, view, change, or remove resource permissions:
- In the Resources page of the Server Console, browser to the resource on which you want to set permissions.
- Put the mouse pointer over the resource row, then select the Properties button on the floating toolbar.
- In the Properties dialog box, switch to the Permission tab, select Enable Setting Permissions, then select the role/user/group in the Selected box and select or clear the required permissions. If the role/user/group is not listed in the Selected box, select the corresponding radio button below the Available box, add the role/user/group to the Selected box and then assign the permissions accordingly.
To remove resource/folder permissions for all users, groups, and roles, clear the Enable Setting Permissions option.
- Select OK to confirm the settings.