User Tools
uls:usergroups
Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision | ||
|
uls:usergroups [2014-12-16 08:34] uls [System Administrators] |
uls:usergroups [2023-03-13 17:22] (current) uls [Detail Access Attributes] |
||
|---|---|---|---|
| Line 22: | Line 22: | ||
| ==== ULS-Master-Admin ==== | ==== ULS-Master-Admin ==== | ||
| - | There is only **one** `ULS-Master-Admin`_. That account, username: 'admin', | + | There is only **one** ULS-Master-Admin. This account 'admin' |
| - | is used for the initial configuration of the domains, servers, | + | is used for the initial configuration of domains, servers, users and groups and more. |
| - | `ULS-Administrators`_, `ULS-Users`_ and more. | + | Users with administrative rights can accomplish further administrative actions. |
| - | Use `ULS-Administrators`_ accounts for further administrative actions. | + | |
| - | See the Administrator's Guide for more information. | + | <!-- See the Administrator's Guide for more information. --> |
| - | + | ||
| - | All changes made by the `ULS-Master-Admin`_ are logged, | + | |
| - | but **NOT** the creation and deletion of ULS-Administrators, | + | |
| - | because that uses currently an underlying mechanic of the | + | |
| - | unix2web webserver, which is more on the operating system level. | + | |
| - | If your ULS-server is to be audited, define a two-man rule | + | All changes made by the users with administrative rights are logged. |
| - | (or 4-eye principle) for all actions as ULS-master-admin. | + | |
| - | Divide its password into two parts, each only known to | + | |
| - | one of the two men and put it into a closed envelope. | + | |
| - | Access only by permission. | + | |
| Line 83: | Line 73: | ||
| ULS-Administrators grant domain rights to ULS-Users. The ULS-Users than | ULS-Administrators grant domain rights to ULS-Users. The ULS-Users than | ||
| - | can access by default all details with the detail access attributes 'all'. | + | can access by default all details with the detail access attributes 'all' (vertical access layer). |
| - | The following table lists the differences in standard and read-only | + | The following table lists the differences in standard and read-only domain rights. |
| - | domain rights. | + | |
| {| | {| | ||
| Line 148: | Line 137: | ||
| | | | | ||
| |} | |} | ||
| + | |||
| + | |||
| === Detail Access Attributes === | === Detail Access Attributes === | ||
| - | By default, ULS-Users can view **all** values of the | + | Detail access attributes can be used to allow or prevent ULS-Users |
| - | source-section-teststep-detail hierarchy of a domain, | + | |
| - | for which he got a domain right granted. | + | |
| - | + | ||
| - | Detail access attributes are used to prevent ULS-Users | + | |
| from accessing specific details, which e.g. may contain | from accessing specific details, which e.g. may contain | ||
| - | security or other crucial information. | + | security or other crucial information. It is effective for all granted domains. |
| - | + | (horizontal access layer). | |
| - | Detail access attributes are granted by ULS-Administrators to | + | |
| - | ULS-Users. That is effective for all details within the domain. | + | |
| - | + | ||
| - | :TODO: | + | |
| - | Standardmäßig werden alle Werte mit den Zugriffsattribut all (oder ohne Zugriffsattribut) übertragen, der Zugriff auf diese Werte ist uneingeschränkt für alle ULS-Benutzer möglich, die Zugriff auf das entsprechende Verfahren haben. | + | By default: |
| + | * ULS-Users can view **all** values of the source-section-teststep-detail hierarchy of a domain, for which he got a domain right granted | ||
| + | * all values are transferred with the detail access attribute 'all', whether explicitly or implicitly if the detail access attribute is not set. | ||
| - | ULS-Administratoren können beliebige zusätzliche Zugriffsattribute definieren, dies muss vor der ersten Benutzung bei der Übertragung von Werten erfolgen, | + | Detail access attributes are granted by ULS-Administrators to ULS-Users. That is effective for all details within the granted domain. |
| - | ansonsten erfolgt die Einordnung der Werte unter dem Zugriffsattribut all für das entsprechende Detail. | + | |
| The detail access attributes are system-wide valid and can be used in | The detail access attributes are system-wide valid and can be used in | ||
| Line 190: | Line 174: | ||
| and LDAP configurations from 'normal' ULS-Users. | and LDAP configurations from 'normal' ULS-Users. | ||
| |- | |- | ||
| - | | sec | + | | sec |
| | A ULS-User must have been granted the 'security' access attribute | | A ULS-User must have been granted the 'security' access attribute | ||
| to be able to access the values of the details that are | to be able to access the values of the details that are | ||
| marked with the 'sec' access attribute. This access attribute | marked with the 'sec' access attribute. This access attribute | ||
| - | is used by the ULS-client for Linux to hide the sudo2uls recordings | + | is used by the ULS-client for Linux to hide e.g. the sudo2uls recordings |
| of terminal- and user-based sessions from 'normal' ULS-Users. | of terminal- and user-based sessions from 'normal' ULS-Users. | ||
| |- | |- | ||
| Line 206: | Line 190: | ||
| |} | |} | ||
| + | ULS-Administrators can define additional detail access attributes. | ||
| + | This must occur before the first values using this detail access attribute is transferred to the ULS-server. | ||
uls/usergroups.1418715257.txt.gz · Last modified: 2014-12-16 08:34 by uls
Page Tools
Except where otherwise noted, content on this wiki is licensed under the following license: GNU Free Documentation License 1.3
