Members of the computer's Administrators group always have permission to connect to adTempus, and full control over all objects within adTempus. If adTempus is only going to be used by Administrators, you do not need to modify any security settings. However, if non-Administrators will be using the software, you will need to grant permissions as discussed below.
Before a user can do anything within adTempus, that user must have permission to connect to adTempus, and this permission is assigned independently of all other permissions. For example, you can grant user "Bob" full control over all jobs within adTempus, but if you haven't granted Bob "Connect" permission, he will not be able to connect to adTempus using the Console. Similarly, if you give Bob "Connect" permission but he does not have permissions for any objects within adTempus, he will be able to connect with the Console but will not be able to do anything once he gets there.
As discussed above, we recommend that you create a Windows security group, assign the appropriate users to that group, and then grant permissions to that group within adTempus.
To grant Connect permissions
1. Go to the Server Options window (Tools > Server Options > General Options) and select the Security Settings page.
2. Click the Add button and add the appropriate Windows security group (or user).
3. Select the group or user you added in Step 2.
4. Check the "Allow" box for the "Connect to Server" permission.
5. Click OK to save the changes (or continue granting additional permissions as discussed below).
The change made in the previous section will allow the designated user(s) to connect to adTempus, but they still will not be able to do anything as they do not have permissions for any objects within adTempus.
A typical basic security model allows all adTempus users to view all objects and to create new objects, and gives them full control over objects that they have created. To implement this model:
1. Go to the Server Options window (Tools > Server Options > General Options) and select the Security Settings page.
2. Select the user group you added in the previous section.
3. Make sure the Apply permissions to option is set to "Server Settings, all adTempus objects."
4. Check the "Allow" box for the following permissions:
   - Connect to the server
   - List/Use
   - Associate
   - View
   - Create
5. Click the Add button to add another user.
6. In the Add User or Group window, type the name "creator owner" and click OK.
7. Make sure the Apply permissions to option is set to "Objects only".
8. Check the "Allow" box for the "Full Control" permission.
9. Click OK to save the settings.
Once you have set a general security policy as outlined above, you can easily refine the security settings for different kinds of objects.
For example, you may want to prevent users from creating new Job Queues. To do this:
1. Right-click the Queues node and select the Queue Security command.
2. In the Security Properties window, you will see an inherited entry for the user or group you added in the previous section. This inherited entry cannot be modified.
3. Click the Add button and add the same user or group.
4. You will now see a new, non-inherited entry for that user or group. Select it and make sure the Apply Permissions To option is set to "Queue Only."
5. Check the "Deny" box for the "Create New Queues" permission.
6. Click OK to save your changes.
You have now overridden the permissions that the Queues node inherited from the server, denying users the right to create new Queues. If some non-Administrative users need to be able to create Queues, you can further modify the permission list to grant them that permission.