Versions Compared

Old Version 1

changes.mady.by.user Copy Page Tree

Saved on

compared with

New Version 2

changes.mady.by.user Former user

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

DPOD supports two types of authentication and authorization registries. An installation may choose to use either LDAP or MonTierDPOD's internal database registry. For ease of use, MonTier DPOD uses its internal database registry by default. Note however that it should only be used for non-production environments or during an evaluation process of MonTierDPOD.

Note

For production environments, it is highly recommended to use LDAP registry

...

Built-in roles

Built-in roles are hard-coded, system-provisioned roles that limit access to certain pages of DPOD's console.

Each user must be assigned to at least one built-in role, or they will not be able to login to the console. It is up to the administrator to decide whether to assign a built-in role directly to the user, or use the group membership mechanism to provide built-in role(s).

The built-in roles are available for view only under [Manage→ System → Roles] (As described in Security Roles). Each built-in role can be linked to users or groups.

The table below lists the available built-in roles:

Role NameDescription
DPODAdminBuilt-in Administrator role. Provides full access
DPODPowerUserBuilt-in Power User role. Allows access to Dashboards, Troubleshoot, Investigate, Reports execution
and viewing devices/domains/services
DPODOperatorBuilt-in role for controllers. Allows access to Dashboards, Troubleshoot and  Investigate views.
DPODInvestigatorBuilt-in role for investigators. Allows access to some of the Dashboards, Troubleshoot and Investigate views.

Custom roles

Custom roles are optional, application-level, roles managed by the administrators. They can be used to limit access to certain data such as specific devices, domains, payload etc.

Each custom role is configured with several permission directives that dictate the allowed or denied access to devices, domains, services etc.

A user does not have to be assigned custom roles. Users that are not assigned any custom roles have access to all the data in the system, as limited by their built-in role to certain pages of the UI Console.

The custom roles are accessed and managed using the [Manage → System → Roles] page.

Each custom role can be linked to users and/or groups.