Source:User Roles and Permissions: Difference between revisions
mNo edit summary |
(Minor correction.) |
||
Line 38: | Line 38: | ||
To grant or restrict user access to specific objects, options, etc., you can set the following permissions: | To grant or restrict user access to specific objects, options, etc., you can set the following permissions: | ||
*'''''Permissions based on user type''''': Access to SEP sesam Server, a specific resource, operation, and displayed GUI options depend on the selected user type. You can check which GUI options are available depending on the selected user type in the [[Special:MyLanguage/5_0_0:User_Roles_and_Permissions# | *'''''Permissions based on user type''''': Access to SEP sesam Server, a specific resource, operation, and displayed GUI and Web UI options depend on the selected user type. You can check which GUI/Web UI options are available depending on the selected user type in the [[Special:MyLanguage/5_0_0:User_Roles_and_Permissions#UI_options|below table]]. | ||
*'''''Access Control Lists (ACLs)''''': ACL specifies which users or groups are granted access to specific objects (client, location, backup, etc.). Only users with ''superuser'' rights can configure ACLs. For details, see [[Special:MyLanguage/5_0_0:Using_Access_Control_Lists|Using Access Control Lists]] | *'''''Access Control Lists (ACLs)''''': ACL specifies which users or groups are granted access to specific objects (client, location, backup, etc.). Only users with ''superuser'' rights can configure ACLs. For details, see [[Special:MyLanguage/5_0_0:Using_Access_Control_Lists|Using Access Control Lists]] | ||
Revision as of 11:54, 18 October 2021
Overview
After activating authentication and configuring the users, you can grant or restrict access to SEP sesam Server, a specific resource or operation within the SEP sesam Server by selecting the appropriate user type (superuser, admin, backup, operator or restore) when adding users to groups.
Each user type represents a specific role in the SEP sesam with attached permissions (e.g. superuser has full control over SEP sesam) and these roles can be assigned to groups automatically based on external configuration or when configuring authentication.
In addition to user roles, there are several user permissions that you can set (attach to a role) to control access to specific resources or operations.
User types
User roles, based on the selected user type, are an access control mechanism for applying fine-grained control over access to the system and its options. The user type can be specified when configuring authentication and adding users to the groups. For details, see About Authentication and Authorization. Users can connect to SEP sesam Server only if they are granted appropriate permissions. Their user rights and also displayed GUI components depend on the user type. The user type can be specified when configuring authentication. For details, see About Authentication and Authorization.
User types
As of. SEP sesam version 5.0.0 Jaglion, the authentication and authorization is enhanced with two new user types – superuser, which replaces the previous Admin role, and backup user. (In previous SEP sesam versions the available user types were admin, operator and restore.) SEP sesam currently provides 5 user types. The following list shows the available user types and their corresponding rights.
- Superuser (≥ Jaglion): The only user type with full control over the SEP sesam environment (previously Admin). This user type with superuser rights is automatically assigned to the Administrator and sesam users.
- Administrator: Administrators can administer the SEP sesam system and access the GUI objects (except permission management) if not restricted by ACLs.
- Operator: Operators can monitor the whole environment.
- Backup (≥ Jaglion): Backup users can access the GUI objects granted by ACLs. They are allowed to start backups.
- Restore: Restore users can access the GUI objects granted by ACLs. They are allowed to start restores.
Furthermore, different permissions can be assigned to users. This means that besides default permissions based on the selected user type, a superuser can also set custom user roles by configuring (ACLs). For example, by assigning the Restore user permission to a specific backup task, that user can start the task-related backup.
User permissions
To grant or restrict user access to specific objects, options, etc., you can set the following permissions:
- Permissions based on user type: Access to SEP sesam Server, a specific resource, operation, and displayed GUI and Web UI options depend on the selected user type. You can check which GUI/Web UI options are available depending on the selected user type in the below table.
- Access Control Lists (ACLs): ACL specifies which users or groups are granted access to specific objects (client, location, backup, etc.). Only users with superuser rights can configure ACLs. For details, see Using Access Control Lists
Available interface options according to user type
The operations and options available after login may differ depending on the user type. The following table shows which GUI and Web UI options are available depending on the user type. Note that almost all options are available in both interfaces, but may appear under a different name in the GUI and Web UI. For example, the Logging option in the GUI is called System Logs in the Web UI. For details on GUI and Web UI elements, see SEP sesam GUI and SEP sesam Web UI.
Note | |
Further restrictions of the GUI and Web UI display might depend on the custom roles with specific permissions and the UI mode. For the backup, restore and operator users the UI mode is set to Advanced automatically and cannot be changed by these users (only superuser or admin can change it). For more details, see Selecting UI mode in the GUI and UI mode in the Web UI. |