adTempus uses the Windows security framework to control access to adTempus and to objects within adTempus.
When a user connects to adTempus, adTempus identifies the user and then determines the permissions for that user.
As in Windows, each secured object support various rights. Individual users or groups are either granted or denied rights. For example, most objects have a "View" right and a "Modify" right. This allows a user to be granted permission to view, but not modify, an object.
The property sheet for each secured object contains a Security page, where a standard security editor is used to modify the permissions for the object.
See the Security Configuration Guidelines topic for recommendations on how to configure security.
|
|
This discussion applies to the management of jobs and other objects within adTempus. When a job executes, any tasks it carries out are subject to Windows security restrictions, based on the user account that the job is running under. See the Job Security topic for more information. |
adTempus supports security inheritance, meaning that each object inherits permissions from its "parent." See the Security Inheritance topic for more information.
There are several special cases to be aware of:
Members of the server's Administrators group can view and take ownership of any object in adTempus. This is true even if the user (or the Administrators) group is not listed in the permissions for the object.
The owner of an object always has complete control over the object. This is true even if the user is not listed in the permissions for the object.
When you establish the default permissions for a type of object you can specify permissions for "CREATOR OWNER". This is a "placeholder" that is replaced with the identity of the creating user when the object is created.
