Users and groups
Users, groups and memberships are handled on the Identities
tab. It consists of a table with users and groups to the left and
the groups they can be members of on the top. Not all groups and users
are shown on the same page, links on the very top lead to pages that
contain a suitable number of groups or users.
Identities
Memberships are assigned by clicking on the squares in the
intersection between the users or groups to the left and the
groups they become members of on the top. A click will change
the membership state, which is indicated by a letter. It might take
several clicks to circle to the wanted state. The different states
are:
- |
Not a member. |
M |
Explicit membership, set by the user. |
m |
Indirect membership, given because this user or group is member
of another group that has an explicit membership. |
Mm |
Both an explicit and indirect membership. |
a |
Automatic membership, imported from another source. |
( ) |
Explicitly not a member. Used to counteract an unwanted
automatic membership. |
< |
Not possible to make this group a member, since two groups
cannot be members of each other. The group Administrators cannot
be a member of the group local because local is already a member of
Administrators.
|
|
Users
A user in SiteBuilder contains a full name as well as a user name used
when to log on. The password is handled by an access control
authentication module. Each user can have more than one authentication
module or even more than one copy of an authentication module. That
way a user could have an additional password by having an extra copy
of the Internal Password module.
Users are often imported from another source, such as the operating
system's user database. If so, the user configurations are done in the
module importing the users. See the User
databases page for more information.
It is however also possible to create users directly in the access
control interface. It is done by pressing the New user
button, and filling in the user name as well as the user's full
name. By default a copy of the Internal password
authentication module will be added as well. It is used to give the
user a password to log in with. It is possible to write the password
itself, or give a version encrypted with the unix crypt function. The
later is good for sharing passwords between different sites.
Users that are created directly can be mixed with imported
users. That way users from within the company could be imported while
users from customers are created in the access control interface.
To later change or remove an user, just click on the user name in
the user listing on the left.
Groups
Groups contain members that are either users or other groups. As with
users groups can be imported from other sources, such as the operating
systems user database, or created directly in the access control
interface. Memberships are imported together with the groups, thus
making it possible to import the entire security settings from another
source. It is still possible to change memberships to imported groups
in the access control interface. Such changes will however be local to
the access control interface, they will not be exported back to the
original source.
There are a special group, Everyone. Request that could not
be linked to any user, such as a request with no authentication
information or a request with the wrong password, will get the
permission of the Everyone group.
To create a new group press the New group button and
give a name to the group.
|