Global and Local Administration
At least one supervisor (a user assigned all system roles) is required in enaio®. This user has access to all programs and data.
Every other user with the 'Administrator: Configure security system' system role fulfills the function of a supervisor as it allows him to grant his or her profile or any other user any system role, thus providing him or her with access to all programs and data.
Within complex environments, setting up local administrators with limited rights to change the security system configuration might make sense.
Within a specified area, local administrators can create users and groups, assign users to groups, give them previously approved system roles, and manage user accounts.
Local administrators cannot establish or edit the group-specific access rights to object types for the groups. This task must be performed by a user with the 'Administrator: Configure security system' system role.
Areas can be created by a supervisor or by a user with the 'Administrator: Configure local security groups' system role.
Users who will perform the functions of a local administrator need the 'Administrator: Configure local security groups' system role.
Users who can create and configure local security groups fulfill the function of a supervisor.
Remote user administration is currently not supported in Unicode installations.
Follow these steps to configure a local administrator:
- Create an area.
- Assign groups and users as an option to the area.
One group is designated as the 'Standard' group. New users will automatically become members of this group.
- Specify the local administrator.
The user with this function must be assigned the 'Administrator: Configure local security groups' system role.
The local administrator may be given various permissions, which are subject to different limitations.
- Define which system roles the local administrator is allowed to allocate.
Open the configuration dialog by selecting Remote user administration in the Configuration menu or by pressing the relevant button in the toolbar.
Local administration is done in the same way you would carry out global administration in the Security system window. The breadth of functionality is restricted accordingly.
Creating Areas
The Areas register in the remote user administration dialog allows you to create new areas.
The areas that have been set up are listed on the tab.
Press New to create a new area with a name of 255 characters or less. A description is optional.
Use the Delete button to delete an area. If users or groups are assigned to the area, they will be moved into the global area.
Click the Description button to change the description of an area.
Local Groups and Users
Users and groups that have been created are assigned to an area on the User and group assignment tab of the remote user administration dialog.
New users and groups are created using the respective functions in the Security system dialog, which is described below.
When selecting an area for which you can create assignments from the drop-down menu, all global users and user groups will be listed on the right side of the dialog.
Use the Assign and Remove button to configure the groups and users for the area.
Groups
In the global area, every new user automatically becomes a member of the 'Standard' group. This group cannot be deleted.
In a local area, the group assigned first is automatically given the role of the 'Standard' group. This property can be assigned to another group via the context menu in the left-hand dialog area. You can remove all groups from an area. However, users cannot be assigned to an area without any groups.
When removing a group, all users who are exclusively members of this group will become members of the 'Standard' group.
To remove a group which is set as the 'Standard' group, you will have to assign this property to another group first. If there are no other groups, all users will become members of the 'Standard' group in the global area.
You will receive a corresponding notification.
Removed groups will be assigned to the global area.
Users
Global users cannot be assigned to an area unless at least one group has been assigned to it. Assigned users automatically become members of the group which is set as the 'Standard' group. Users can only be a member of one area.
Local administrators can create new users to their area but cannot move global users into an area.
Local Administrators
The local administrator of an area is set on the Local administrators tab.
When selecting an area from the drop-down menu, all users with the 'Administrator: Configure local security groups' system role will be listed on the right side of the dialog.
You can set several users as local administrators.
The local administrator may be given various permissions, which are subject to different limitations:
- Create user
The local administrator can create new users. This right includes the capability of importing users by using synchronization functions.
- Edit user
Local administrators who are not authorized to edit users can modify system roles but not any other user settings. In particular, local administrators cannot edit group memberships.
- Delete user
The local administrator can delete users.
- Copy user
The copy function allows the local administrator to create a new user who has the same system roles and group memberships as a user who is already a member of the area.
Once you have selected all the necessary rights and permissions, you will need toassign them and then save the settings by pressingOK.
Local System Role Assignment
In his or her area, the local administrator can only assign or revoke those rights to users which have been selected on the System roles tab in the remote user administration dialog.
The selected system roles are automatically assigned to every new user in the area.
Choose the area on the left and select all those system roles on the right that the local administrator will be allowed to assign and revoke.
Once you have selected all the necessary system roles, you will need to assign them and then save the settings by pressing OK.
on the right.
areas. Use the toolbar to show all hidden areas at once:
