As a user with administrator privileges, you will have access to the Security rule management menu item.
Through the security rule management display the following workflows can be executed
- add/edit role for a local user for a specific site
- add/edit role for a Windows AD group for a specific site
Clicking the Security rule management menu item will display the following window:
In the picture auto-generated local access security rules have been created for the local users JohnD and JaneD.
The Security rule management provides an overview of existing security rules, as well as the possibility to add rules, edit rules and delete rules.
Security rule types
There are two types of security rules: AD mapping and Local access.
The Local access security rule type is used for local users.
This rule type allows the administrator to grant a role to a local user for a specific site.
When creating a new local user, a site and a role are selected, saving the user will then automatically create a local access security rule granting the user the selected role for the selected site.
If the administrator then wishes to grant the user a role to an additional site, a new local access security rule needs to be added, see How to add or edit a security rule. It is also an option to select the site option “All sites”, which will provide access to all sites for that user.
The AD mapping security rule is used for groups of users, Active Directory groups more specifically.
This rule type allows the administrator to grant a role for all members of an active directory group for a specific site.
If the administrator wishes to grant all members of an active directory group certain role access for a site, an AD mapping security rule needs to be added, see How to add or edit a security rule.
How to add or edit a security rule
In this section, we will describe how to add a new security rule and how to edit an existing one.
To add a new security rule, first, navigate to the Security rule management page.
From here you will have the option to either Add new mapping or Add new local access.
How to Add AD group mapping
Clicking the Add new mapping will display a form for adding a new AD mapping. The content of the form is explained below:
A unique id for the rule
The type of the rule
A description of the rule
The id of the site this rule applies to. Select from the list of available sites. The option “All sites” will provide access for the AD group to all sites defined in the server
The role members of the AD group will be assigned when they log in
The name of the active directory group this rule applies to. It is recommended to copy/paste the name from the “Active Directory Users and Computers” utility as shown in this picture (i.e. in this example “user.planning” would be copy/pasted into the AD Group field)
It is possible to define a domain for the group, this is done on the form \. If no domain is defined, the Multiuser will assume that the group is on the same domain as the server.
It is also possible to enter a specific user instead of a group name, i.e. this way providing access to a given site for a named AD user.
How to add local user mapping
Clicking the add new local access will display a form for adding new local access. The content of the form is explained below:
|Rule ID||Mandatory||A unique id for the rule|
|Rule type||Pre-defined||The type of the rule|
|Description||Optional||A description of the rule|
|Site ID||Mandatory||The id of the site this rule applies to|
|Scheduler role||Mandatory||The role of the user this rule applies to|
|User||Mandatory||The login name of the user this rule applies to|
To edit a security rule, simply click the rule id.
The id and the type of the rule cannot be edited. If any of these needs to be changed first delete the rule and add a new one.