Server Administration Application – Configuring Verj.io Security

Documentation home

 

Introduction. 1

Maintaining Users 1

User Properties 2

Maintaining Roles 3

Role Properties 3

Maintaining Groups 4

Group Properties 5

 

See also: Server Administration Application Home Page, Verj.io Security System

 

Introduction

The Verj.io system is supplied with a built-in security system which supports the definition of users, roles, authorizations, groups and group memberships. Use of this security system is optional. The security system can be maintained on the server using the Server Administration web application as shown below.

 

Maintaining Users

• Click the  icon to create a new user
• Click the  icon to refresh the display
• Click the  icon to delete a user
• Click on a user name to display or edit its properties
• Click Help on the menu at the top of the panel to display this help page

 

The meaning of the various columns shown above is explained in the next section.

User Properties

User properties can be edited when either creating a new user using the  icon or clicking on the name of an existing user. Users can be associated with roles; this can be done directly using the roles boxes shown below, or by associating the user with one or more groups which are, in turn, linked to roles.

 

 

User tab:

User name	The user name – this is only editable when creating a new user
Reset password	Click this checkbox to show password fields where a new password can be entered. This checkbox is only shown when editing an existing user.
Password	User password
Confirm password	User password

 

Roles tab:

Drag roles from the Candidate roles box to the User roles box to add a role to the user. Use the reverse process to remove a role. Any roles inherited from groups are shown for information purposes at the bottom of this tab.

 

Groups tab:

• Click the Add Group button to create a new user
• Click the  icon to remove a group

 

The Membership column is only enterable if the group supports memberships.

 

Maintaining Roles

• Click the  icon to create a new role
• Click the  icon to refresh the display
• Click the  icon to delete a role
• Click on a role name to display or edit its properties

 

Role Properties

Role properties can be edited when either creating a new role using the  icon or clicking on the name of an existing role. Each role consists of a role name plus optionally any number of authorizations. The role name can be used programmatically to check whether a user has a certain role e.g. in Javascript: system.securityManager.hasRole(“Admin”) or FPL hasRole(‘Admin’), and can also be used in workflow assignment. Authorizations can be used to provide more granularity in a security check and are used by the following features within Verj.io:

 

• Secure forms
• Secured workflow processes

 

Click here for more information on roles and authorizations.

 

 

Role tab:

Role name

The role name – this is only editable when creating a new role

 

Authorizations tab:

 

• Click the Add Authorization button to create a new authorization
• Click the  icon to remove an authorization

 

Each authorization contains three basic attributes: type, name and function and all three are required, though wildcards (*) can be specified in each case. These three attributes are matched against the corresponding attributes when a security authorization is checked e.g. in Javascript: system.securityManager,isAuthorized(“Accounts”, accountName, “Read”).

 

Action	·         Allow - returns true to an authorization check that matches the authorization ·         Prevent - returns false
Audit	When this is checked an audit record is written to the security log detailing the userid, the request, the authorization that was used to process the request, and whether the request was allowed or denied. The security log files are controlled by the following three parameters in security.properties:   Ufs.auditLogDirName Ufs.auditLogFileName Ufs.retainOldAuditLogs

 

Maintaining Groups

• Click the  icon to create a new group
• Click the  icon to refresh the display
• Click the  icon to delete a group

Group Properties

Group properties can be edited when either creating a new group using the  icon or clicking on the name of an existing group. Groups can be associated with roles and users can be associated with groups: this provides an alternative way of assigning roles to users.

 

Groups can also optionally have memberships: these are used with a legacy workflow assignment technique.

 

 

Group tab:

Group id	The group name – this is only editable when creating a new group
Group members	Shows the users who are members of this group – this is read only

 

Group Roles tab:

Drag roles from the Candidate roles box to the Group roles box to add a role to the group. Use the reverse process to remove a role. All group roles are inherited by group users.

 

Supported Memberships tab:

 

• Click the Add Membership button to create a new membership
• Click the  icon to remove an membership

 

Membership	The membership name
Exclusive	Check this to indicate that the membership can only have one member e.g. teamLeader

v