Security Overview

There are two aspects to security in adTempus:

• Job execution security determines what actions an executing job is able to perform.
• adTempus access security determines which users are permitted to view or administer data in adTempus, and which actions they can perform within adTempus.

The security framework changed from adTempus 3 to adTempus 4, and some manual configuration of security will be required if you have upgraded from an earlier version. See the Security Changes topic for more information.

Job Execution Security

Each job in adTempus is assigned a Credential Profile (using the User Account selector in the job properties), which specifies the Windows user account that the job will run under. When adTempus runs the job, it logs in as the specified user and runs the job in that user's security context.

This means that any programs, scripts, or other tasks run by the job will have the same security limitations as if that user were running the program directly. 

The Credential Profile only affects what permissions the job has when it is executed. It does not have any effect on which users are allowed to manage the job within adTempus.

adTempus Access Security

Management of jobs and other objects within adTempus is controlled by the adTempus security framework, which provides granular control over permissions granted to users.

Each adTempus user is represented by a Security Login. When a user attempts to connect to adTempus, adTempus identifies the correct Login based either on the user's Windows identity or on the user ID and password entered by the user.

Each Login is assigned to one or more Security Groups, which allow permissions to be managed easily for sets of users who need similar access.

As in Windows, each secured object support various rights. Individual users or groups are either granted or denied rights. For example, most objects have a "View" right and a "Modify" right. This allows a user to be granted permission to view, but not modify, an object. The property sheet for each secured object contains a Security page, where a standard security editor is used to modify the permissions for the object. adTempus supports security inheritance, meaning that each object inherits permissions from its "parent." See the Security Inheritance topic for more information.

Security Logins and Groups are managed using the Server Security Settings window.

See the Security Configuration Guidelines topic for recommendations on how to configure security and information on initial security setup.