Authorizations in the steadyPRINT Center

(Last update of this topic: 12-02-2021)

Navigation:  Centralized Administration >

Authorizations in the steadyPRINT Center

(Last update of this topic: 12-02-2021)

Previous pageReturn to chapter overviewNext page

The steadyPRINT Center has its own permission system on the basis of roles handling the authentication as well as authorizations to access functions and objects.

Roles

Individual roles can be defined and domain accounts added via file > settings > Center roles in the steadyPRINT Center (see figure steadyPRINT Center - overview of roles).

At first, a newly created role has no permissions - these must be granted in a dedicated mode. The mandatory and predefined role sysadmin, however, has full access to all objects and settings in the steadyPRINT Center. When initially creating the sysadmin role, automatically adds the group Builtin\Administrators as well as the user who starts the steadyPRINT Center for the first time. An adjustment of authorized administrators, however, can be done subsequently.

 

 

sp_center_078

Figure 120: steadyPRINT Center - overview of roles

 

 

Role Properties

In the properties of a Center role, access permissions for the stored accounts (users, groups and computers) are granted within the steadyPRINT Center. The permissions themselves are divided into different areas and assigned to certain levels. (see figure steadyPRINT Center - roles).

 

sp_center_079

Figure 121: steadyPRINT - roles

 

 

Permissions

 

There are 3 levels available for granting permissions to access functions and objects:

 

Grant: Grants full access to the function and/or object.
Read only: Grants reading access to the object.
Deny: Denies the access to the function and/or object.

 

Note

Hiding particular print servers, printers and folders in the tree

               

By assigning the permission Deny to the administration of print servers and printers, you can hide them for desired accounts. Print servers, printers or folders are thus not displayed in the steadyPRINT Center (see Linking roles to objects).

 

Linking roles to objects

In the steadyPRINT Center, permissions are granted to print servers, printers as well as folders by linking the available roles.

 

sp_center_080

Figure 122: steadyPRINT - linking the roles

 

 

The figure steadyPRINT Center - linking the roles shows the granting of a permission on folder level below the print server bps. Thus, the role Access Admin DE gets access to the folder Deutschland as well as all other objects (printers and folders) below.

 

Note

Linking the role sysadmin

               

The mandatory and predefined role sysadmin is neither visible nor can it be deselected.

 

Inheritance

By marking the check box Inherit permissions from figure steadyPRINT Center - linking the roles, roles are inherited from the object lying above. An inheritance takes place until it is canceled again by linked roles on an object lying below.

Authentication and Authorization

The steadyPRINT Center authenticates a user on the basis of the roles and the included accounts. If the authentication against the available roles fails, the steadyPRINT Center enables a login with an alternative user or the termination. (see figure steadyPRINT Center - authentication failed).

 

Note

Authentication by group affiliation

               

The steadyPRINT Center authenticates the user due to his/her group affiliation. In doing so, an evaluation of nested groups takes place.

 

sp_center_081

Figure 123: steadyPRINT - authentication failed

 

 

In order to authorize the access to a function or an object, the steadyPRINT Center verifies all available roles assigned to the user. Finally, the highest permissions level (high = Grant, low = Deny) will be used for the authorization process. The following figure steadyPRINT Center - authorization shows an example for an unauthorized access to functions and objects.

 

sp_center_082

Figure 124: steadyPRINT - authorization