Managing enhanced security features

The MDT Web FrontEnd is using a custom Role based Access Model to manage access to the Deployment Database. It's very easy to configure and manage and ranges from "Full Access for everyone" to "User A only to Instance B and only on some settings". The default Access role will configure Full Access for everyone as with the original Deployment Workbench.

To be able to use this feature, the Deployment Database needs to be extended with some additional Tables and Stored Procedures. Please see the Installation Guide for more information on how to do this.

The idea behind the Access Role Model is to identify different access scenarios and map them to a generic Access Role. An Access Role can be used either for All different types of Identities, or for Locations, MakeModel, Computers or Roles only. Each Identity now has certain areas of interest. The general Details, the Settings, Applications, Roles, Packages, Administrators, and Gateways. For each of these areas a different level of access can be defined. The Access Level can be either "No Access", "Read Only Access", or "Change Access". Where only the latter allows to Create and Delete Instances.

After specifying the Access Role it can now be used to assign individual Users to this Access Role. This Assignment can be configured for either All Instances or specific ones, to e.g. Give a siteadmin access to his location only, but the Helpdesk access to all Computers. The "Default" Access Role(s) will automatically apply to all Users. If different Access Roles have been assigned to a User the highest Access Level configured for the area he is accessing will be used. This means if you configure "Read Only" access in an Access Role marked as Default all Users, even new ones, accessing the page will automatically have Read access.

Additionally each Access Role has a Group assigned. This Group defines what settings will be shown to the User. Please have a look on Managing Groups for more information about this part.

This might sound more complex as it is. Let's have a look on the steps necessary to Manage these Access Roles and see how handy this can become:

Also find a new How-To available on MyITForum:

AccessRoles_Overview.png


Back to the Documentation

Last edited Feb 26, 2010 at 9:17 PM by MaikKoster, version 18

Comments

No comments yet.