cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Prognosis SECURITY configuration scenarios and settings

David_Sun
Expert
Expert
‎12-16-2019 07:57 AM
‎12-16-2019 07:57 AM

Prognosis SECURITY configuration scenarios and settings

The Prognosis SECURITY configuration allows system administrator to control users’ access to individual Prognosis subsystems such Databases, Thresholds, Analysts, Configurations and Commands.

 

General Rules:

 

  • When a SECURITY Configuration has NOT been created, then access is allowed to all users
  • When a SECURITY Configuration has been created and no GRANT or REVOKE rules have been added, then access will NOT be allowed to any users
  • When a SECURITY Configuration has been created with a GRANT rule added which has not been revoked anywhere else in the Configuration, then access is allowed
  • The order of the rules is not significant as access is checked by first looking at all the GRANT rules and then looking at all the REVOKE rules
  • Do NOT change or remove GRANT(*,*,\NT Authority.System) or GRANT   (*, #LocalNode, \NT Authority.System)
  • Always make a backup of the current working config before change it
Security Requirements and Settings:

Scenario 1:
As Prognosis Administrator, I want to allow full access to administrator users,  and only give INFO access to all other users.
 
Setting:

SUBSYS SECURITY

!Grant full access to all subsystems to Admin Users
GRANT (*, *, <Admin-User>)  ! Eg, domain\username, or \domain.username, or local Administrator user

!Local Platform User used by Prognosis service
GRANT   (*, #LocalNode, \NT Authority.System)

! Grant INFO access of all subsystems to all other users
GRANT ( *, *, *, *, *, INFO )
 
Scenario 2:
A more complex configuration which sets users into Admin users, Power users and Operator users.
 
Admin users: full access to all subsystems;
Power users: INFO access to all subsystems, but have access revoked to view SECURITY and PASSWORDS configuration. They also have read access to Databases and Command execution
Operator users:  only have the ability to start displays.

Setting:

SUBSYS SECURITY
!Grant full access to all subsystems to Admin Users
GRANT (*, *, <Admin-User>)

!Local Platform User
GRANT   (*, #LocalNode, \NT Authority.System)

!Power Users   
GRANT (*, *, <Power-User>, *, *, INFO)
GRANT (DATABASE, *, <Power-User>, *, *, READ)
GRANT (COMMAND, *, <Power-User>, *, *, EXECUTE )
REVOKE (CONFIGURATION, *, <Power-User>, CONFTYPE, SECURITY, INFO )
REVOKE (CONFIGURATION, *, <Power-User>, CONFTYPE, PASSWORDS, INFO )
Add categories:
Tags (2)
0 Likes
Reply
Webinar: Keep the modern workforce connected

Unified Communications has always been an important part of companies' digital transformation efforts due to its ability to enable rich virtual collaboration and communication. But with COVID-19, we've reached a break-through point.

Join Bill Haskins, Sr. Analyst & Partner, Unified Communications at Wainhouse Research, and John Ruthven, CEO at IR discuss UC challenges companies are experiencing due to the COVOID-19 crisis.

Join webinar

IR Forums

 General Collaborate Transact & Infrastructure COVID-19 Updates IR Connect