Security

16

Security Overview

Security Events

User Manager

User Group Manager

Default Role and User

Authentication Manager

SSH Strict Host Key Checking

RADIUS Authentication

Object Group Manager

Application Security Policy

Group Rights Summary

Security Overview

This application enforces security several ways, including permissions, authentication, and security policies. The various Managers and interfaces that set and view security settings appear in the Permissions submenu, shown below. Access it by selecting Settings > Permissions.

Figure 16-1  Permissions Submenu

You can also create resource roles (from File > Open > Inventory > Resource Roles, see Resource Roles for details). For each resource role the application automatically creates an object group and puts any resources in the role in that object group. You can then give users or user groups permissions against that object group.

[spacer]

All users inherit OWPublic's permissions. You must remove OWPublic's read permissions from things in Object Group Manager to conceal those items.

Also: Functional permissions originate with users and user groups, and are application-wide. See Permissions and All Permissions. When concatenated with other permissions they are additive (unions, not intersections).

Best practice when trying to restrict user access to particular functions is to create a user group (see User Group Manager), and assign the desired functional permissions to that group, then assign users (see User Manager) to that group.