Security Changes from Prior Versions

adTempus 4 has a slightly different security model than previous adTempus versions did. As a result of this, some manual intervention is required when upgrading your adTempus installation.

Please review the following information on breaking changes and the steps required to address them.

Administrator Access

In prior versions, members of the Administrators group (in Windows) on the adTempus server were automatically granted Administrator permission in adTempus. No user configuration was required in order for these users to connect to and use adTempus.

Beginning with adTempus 4, there is no automatic access granted to Windows Administrators.

What the upgrade process does: The upgrade process will create an Administrator login for the user who runs the installation/upgrade process and/or for other users designated during the upgrade process. No other users will be configured as Administrators.

What you need to do: Log in under one of the accounts provisioned as an Administrator, then create additional user accounts as necessary (see next section). To make a user an Administrator, add the Login to the "adTempus Administrators" security group.

See the Administrator Provisioning topic if you are unable to log in to adTempus after the upgrade.

Security Logins

In prior versions, there was no need to explicitly define users in adTempus. All users were authenticated automatically using Windows security, and permissions within adTempus were linked directly to the user's Windows identity.

Beginning with adTempus 4, each user must have a Security Login defined in adTempus. Windows authentication can still be used to automatically authenticate users, but a Login must be created in adTempus first.

There is no longer a "Connect" permission to assign to users: a user is permitted to connect if there is a corresponding Security Login.

What the upgrade process does: When the upgrade process encounters a Windows identity that has adTempus permissions mapped to it, it will create an adTempus Login and assign the same permissions.

What you need to do: Log in under using an Administrator login (see previous section), then review the user logins created by the conversion process (in the Server Security Settings window). Create additional logins as necessary to allow additional users to connect. Review and adjust permission assignments as necessary (use the Security Configuration Report to get a listing of all permission assignments).

Security Groups

In prior versions, you could grant permissions (including Connect permission) to Windows security groups. Those permissions then applied to any user who belonged to that group.

Beginning with adTempus 4, Security Groups (or roles) can be defined and managed in adTempus. They are not linked to Windows security groups.

What the upgrade process does: If the upgrade process encounters a Windows security group that has adTempus permissions mapped to it, it will create a corresponding adTempus Security Group with the same permissions. However, it will not assign users to the group.

What you need to do: Review the groups created by the conversion process and assign Logins to the groups as appropriate. Review and adjust permission assignments as necessary (use the Security Configuration Report to get a listing of all permission assignments).

Additional Changes from Version 2

If you are upgrading from adTempus version 2, please review the additional changes between version 2 and version 3.