PerleVIEW User Accounts

PerleVIEW User Accounts

Menu Selection: PerleVIEW User Accounts

Minimum Required Authorization: PerleVIEW Administrator

PerleVIEW uses a concept of authentication for logging users into PerleVIEW and a concept of authorization for giving users and groups access rights to target devices. PerleVIEW uses Windows authentication to control users logging into PerleVIEW. Authorization for accessing target devices is done through adding a user or group and assigning (PerleVIEW Administrator, Device Admin, Device Operator, Device View) rights to that user or group. By giving users or groups PerleVIEW Administrator privileges, these users and groups will automatically have Device Admin access to target devices.

Authentication

Authentication is based on the mode of operation you select. PerleVIEW can operate in one of two modes for authentication of users.

Windows Mode

In this mode, the username and password which you enter on the login screen will be authenticated against the Windows Server User Accounts. If successfully authenticated, you will be granted access to PerleVIEW.

Once authenticated, PerleVIEW will create a “virtual” user record in its database for this username (if a record does not already exist). A virtual user is a user which was dynamically added by PerleVIEW as opposed to one that was manually configured by the PerleVIEW administrator. “Virtual users” are shown in italics in the User Account log and they will have Device View Access only, unless they are associated with a user group or groups. If this is the case, they will be given the authorization which is associated with this group or groups. PerleVIEW administrators will have access to see virtual user’s attributes, log the user out or convert the virtual user to a normal user.

PerleVIEW/Windows Mode

In this mode, in order to be granted access to PerleVIEW the username/password must first be authenticated by the Windows Server. If this is successful, PerleVIEW will next verify that the username also exists in the PerleVIEW user database. If both conditions are valid, only then is the user granted access to PerleVIEW. This mode of operation allows the PerleVIEW administrator to control which Windows users will be granted access to PerleVIEW.

Authorization

Authorization is the process of assigning PerleVIEW and device rights (PerleVIEW Administrator, Device Admin, Device Operator, Device View) to individual users or to a group. The easiest way to add and maintain authorization rights to target devices is to create groups. Creating groups within PerleVIEW will allow you to assign PerleVIEW and device access (PerleVIEW, Device View, Device Operator or Device Administrator) to that group. Assigning a user to a group is done via the Windows Server User Account settings. Create the same group name under the Windows Server User Accounts then you can add or delete members from this group on your Window Server. When a user logs in, the Windows Server will notify PerleVIEW as to which groups this user is associated with. PerleVIEW will use that information to look for these groups on its database and extract the associated PerleVIEW and device access rights from that group definition and assign them to the user.

103

Page 103
Image 103
Perle Systems 5500320-12 manual PerleVIEW User Accounts, PerleVIEW/Windows Mode, Authorization