PerleVIEW User Accounts
PerleVIEW User Accounts
Menu Selection: PerleVIEW User Accounts
Minimum Required Authorization: PerleVIEW Administrator
PerleVIEW uses a concept of authentication for logging users into PerleVIEW and a concept of authorization for giving users and groups access rights to target devices. PerleVIEW uses Windows authentication to control users logging into PerleVIEW. Authorization for accessing target devices is done through adding a user or group and assigning (PerleVIEW Administrator, Device Admin, Device Operator, Device View) rights to that user or group. By giving users or groups PerleVIEW Administrator privileges, these users and groups will automatically have Device Admin access to target devices.
Authentication
Authentication is based on the mode of operation you select. PerleVIEW can operate in one of two modes for authentication of users.
Windows Mode
In this mode, the username and password which you enter on the login screen will be authenticated against the Windows Server User Accounts. If successfully authenticated, you will be granted access to PerleVIEW.
Once authenticated, PerleVIEW will create a “virtual” user record in its database for this username (if a record does not already exist). A virtual user is a user which was dynamically added by PerleVIEW as opposed to one that was manually configured by the PerleVIEW administrator. “Virtual users” are shown in italics in the User Account log and they will have Device View Access only, unless they are associated with a user group or groups. If this is the case, they will be given the authorization which is associated with this group or groups. PerleVIEW administrators will have access to see virtual user’s attributes, log the user out or convert the virtual user to a normal user.
PerleVIEW/Windows Mode
In this mode, in order to be granted access to PerleVIEW the username/password must first be authenticated by the Windows Server. If this is successful, PerleVIEW will next verify that the username also exists in the PerleVIEW user database. If both conditions are valid, only then is the user granted access to PerleVIEW. This mode of operation allows the PerleVIEW administrator to control which Windows users will be granted access to PerleVIEW.
Authorization
Authorization is the process of assigning PerleVIEW and device rights (PerleVIEW Administrator, Device Admin, Device Operator, Device View) to individual users or to a group. The easiest way to add and maintain authorization rights to target devices is to create groups. Creating groups within PerleVIEW will allow you to assign PerleVIEW and device access (PerleVIEW, Device View, Device Operator or Device Administrator) to that group. Assigning a user to a group is done via the Windows Server User Account settings. Create the same group name under the Windows Server User Accounts then you can add or delete members from this group on your Window Server. When a user logs in, the Windows Server will notify PerleVIEW as to which groups this user is associated with. PerleVIEW will use that information to look for these groups on its database and extract the associated PerleVIEW and device access rights from that group definition and assign them to the user.
103
