Authorizations in the steadyPRINT Center(Last update of this topic: 12-02-2021) |
  
|
(Last update of this topic: 12-02-2021)
Authorizations in the steadyPRINT Center(Last update of this topic: 12-02-2021) |
|
The steadyPRINT Center has its own permission system on the basis of roles handling the authentication as well as authorizations to access functions and objects.
Roles
Individual roles can be defined and domain accounts added via file > settings > Center roles in the steadyPRINT Center (see figure steadyPRINT Center - overview of roles).
At first, a newly created role has no permissions - these must be granted in a dedicated mode. The mandatory and predefined role sysadmin, however, has full access to all objects and settings in the steadyPRINT Center. When initially creating the sysadmin role, steadyPRINT automatically adds the group Builtin\Administrators as well as the user who starts the steadyPRINT Center for the first time. An adjustment of authorized administrators, however, can be done subsequently.
Figure 120: steadyPRINT Center - overview of roles
Role Properties
In the properties of a Center role, access permissions for the stored accounts (users, groups and computers) are granted within the steadyPRINT Center. The permissions themselves are divided into different areas and assigned to certain levels. (see figure steadyPRINT Center - roles).
Figure 121: steadyPRINT - roles
Permissions
There are 3 levels available for granting permissions to access functions and objects:
| • | Grant: Grants full access to the function and/or object. |
| • | Read only: Grants reading access to the object. |
| • | Deny: Denies the access to the function and/or object. |
Note |
Hiding particular print servers, printers and folders in the tree |
|
By assigning the permission Deny to the administration of print servers and printers, you can hide them for desired accounts. Print servers, printers or folders are thus not displayed in the steadyPRINT Center (see Linking roles to objects). |
In the steadyPRINT Center, permissions are granted to print servers, printers as well as folders by linking the available roles.
Figure 122: steadyPRINT - linking the roles
The figure steadyPRINT Center - linking the roles shows the granting of a permission on folder level below the print server bps. Thus, the role Access Admin DE gets access to the folder Deutschland as well as all other objects (printers and folders) below.
Note |
Linking the role sysadmin |
|
The mandatory and predefined role sysadmin is neither visible nor can it be deselected. |
Inheritance
By marking the check box Inherit permissions from figure steadyPRINT Center - linking the roles, roles are inherited from the object lying above. An inheritance takes place until it is canceled again by linked roles on an object lying below.
Authentication and Authorization
The steadyPRINT Center authenticates a user on the basis of the roles and the included accounts. If the authentication against the available roles fails, the steadyPRINT Center enables a login with an alternative user or the termination. (see figure steadyPRINT Center - authentication failed).
Note |
Authentication by group affiliation |
|
The steadyPRINT Center authenticates the user due to his/her group affiliation. In doing so, an evaluation of nested groups takes place. |
Figure 123: steadyPRINT - authentication failed
In order to authorize the access to a function or an object, the steadyPRINT Center verifies all available roles assigned to the user. Finally, the highest permissions level (high = Grant, low = Deny) will be used for the authorization process. The following figure steadyPRINT Center - authorization shows an example for an unauthorized access to functions and objects.
Figure 124: steadyPRINT - authorization