User access rights in PresSTORE
Posted by Sven Koester on 22 June 2007 12:32
PresSTORE does not keep its own user database, but uses the existing accounts of the hosting machine.|
For some users, PresSTORE allows full administrative access by default, depending on the operating system:
On OSX, Solaris and Linux, PresSTORE allows operator access for users who are members of the psops group. Operators may start, stop or cancel jobs, but they may not modifiy configured jobs. Operators may exchange, mount and label tapes.
- On Windows for all members of the Administrators group.
- Solaris and Linux for all members of the groups SysAdm, PrnAdm and psadm, as well as for the root user.
- On OSX (Darwin) for all members of the groups SysAdm, PrnAdm, psadm and admin, as well as for the root user.
For all other user accounts, the access is limited and can be changed by editing the login areas in the general setup section of the PresSTORE browser.
In case a client is attached and an attempt is made to access the client from the server through PresSTORE , the access privileges depend on the executed action
Note that by default, a non-administrator has some limited access rights in PresSTORE, e.g. to backup- or archive indices. In case you prefer a restriction so that no rights are granted to new users, you may mant to take the following steps:
- When a backup or archive or a similar job is running, which is executed by the PresSTORE job scheduler, the user login and password for the access are taken from the client configuration in the general setup section of the PresSTORE browser on the server.
- When a user browses interactively on the client's file system, the user login and password information are taken from the user's login on the server machine. Note that this will not work as expected in case the user has different passwords on the server v.s. the client machine.
A newly created user as well as an existing user not belonging to the above group will be able to log in to PresSTORE, but may not access anything whithin PresSTORE.
- Create a new user group on system level
- In PresSTORE, restrict the access of all login areras to that group (or to another group)
- Add on system level those users to the newly created group that may access PresSTORE indices