...

Note!
  • By default, members of the predefined group Administrator have full permissions for the Access Controller. You can enable these permissions for other groups as well.
  • When no members belong to the Administrator group, all users with full permissions for the Access Controller will have Administrative access.
  • It is not possible to disable or delete the last active user with full permissions for the Access Controller. This is to prevent system lockout.
  • Members that are not part of the Administrator group will not be able to remove or modify the Administrator group or any of its members.
  • Only one user may use the Access Controller with write permissions at any given time.
  • It is not possible to delete the last group with members that have full permissions for the Access Controller. This is to prevent system lockout.
  • By setting the Platform property mz.security.user.restricted.login to true, access is restricted to one login for each interface type:
    • Desktop
    • Web Interface
    • Command Line Tool mzsh

  • It is possible to use SCIM via the REST HTTP interface to POST, GET, DELETE, PUT and PATCH user and group configurations.
  • By default, MZ is installed with the Platform property mz.userserver.filebased = True, which stores Access Controller data in files under $MZ_HOME. It is therefore important that read/write permissions for $MZ_HOME are given only to authorized users or user groups.
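
One way to check the $MZ_HOME permissions mentioned in the last note, as an added example that is not part of the product or its documentation. The function name exposed_paths and the allow_group switch are hypothetical, and "authorized" is assumed to mean the owner of $MZ_HOME plus, optionally, its group.

```python
import os
import stat


def exposed_paths(root, allow_group=False):
    """Return (relative path, octal mode, reason) for entries under root
    that are reachable by accounts other than the owner of root."""
    owner = os.lstat(root).st_uid
    # Permission bits that must be clear. Group bits are tolerated only when
    # the caller states that the group is the authorized user group.
    forbidden = stat.S_IRWXO | (0 if allow_group else stat.S_IRWXG)
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for path in [dirpath] + [os.path.join(dirpath, f) for f in files]:
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # the mode bits of a symlink itself are not enforced
            mode = stat.S_IMODE(st.st_mode)
            rel = os.path.relpath(path, root)
            if st.st_uid != owner:
                findings.append((rel, oct(mode), "different owner"))
            elif mode & forbidden:
                findings.append((rel, oct(mode), "group/other access"))
    return sorted(findings)


if __name__ == "__main__":
    # MZ_HOME is the installation directory named on this page.
    for rel, mode, reason in exposed_paths(os.environ["MZ_HOME"]):
        print(f"{mode:>7}  {reason:<18}  {rel}")
```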

To open the Access Controller, click the Tools button in the upper left part of the Desktop window, and then select Access Controller from the menu.

...

Property | Description
mz.security.max.password.age.enabled

Default value: false

Enables or disables the password expiration check. This property is only applicable when mz.security.user.control.enabled is also set to true.

If both properties are set to true, users are required to change their password every N days, as set in mz.security.max.password.age.admin and mz.security.max.password.age.user.

mz.security.max.password.age.admin

Default value: 30

This property specifies the maximum password age for administrator users in days.

See the description of mz.security.max.password.age.enabled.

mz.security.max.password.age.user

Default value: 90

This property specifies the maximum password age for users in days.

See the description of mz.security.max.password.age.enabled.

mz.security.max.password.history

Default value: 12

This property specifies how many previous passwords must be unique before an old password can be reused.

mz.security.user.control.enabled

Default value: false

This property enables or disables enhanced user security. If set to true, a number of rules regarding the passwords apply as soon as the platform is restarted. For information about enhanced user security, see 6.1 Access Controller in the Desktop User's Guide.

Note!

At installation this property will be set to the same value as the installation property install.security.


mz.security.user.control.password.length.count

Default value: 8

This property specifies the minimum total number of characters in a password.

Note!

This is only applicable when the value of mz.security.user.control.enabled is true.


mz.security.user.control.password.numcaps.count

Default value: 1

The minimum number of upper case or numerical characters in a password.

mz.security.user.control.password.numcaps.message

Default value: The password needs at least one capital letter or a number in it.

The message to be displayed for the user when they have not met the condition for the minimum number of upper case or numerical characters in the password.

mz.security.user.control.password.numcaps.pattern

Default value: [A-Z0-9]

The pattern of the permitted values, given as a regular expression. The password will be matched to the pattern to determine if the condition is met.

mz.security.user.control.password.length.count

Default value: 8

The minimum total number of characters in a password.

mz.security.user.control.password.length.message

Default value: The password needs to be at least 8 characters.

The message to be displayed for the user when they have not met the condition for the minimum length of the password.

mz.security.user.control.password.lowercase.count

Default value: ""

The minimum total number of lowercase characters in a password.

mz.security.user.control.password.uppercase.count

Default value: ""

The minimum total number of uppercase characters in a password.

mz.security.user.control.password.number.count

Default value: ""

The minimum total number of numeric characters in a password.

mz.security.user.control.password.special.count

Default value: 1

The minimum number of special characters in a password.

mz.security.user.control.password.special.message

Default value: The password needs to contain at least 1 special character(s).

The message to be displayed for the user when they have not met the condition for the minimum number of special characters in the password.

mz.security.user.control.password.special.pattern

Default value: [\\W_]

The pattern of the permitted values, given as a regular expression. The password will be matched to the pattern to determine if the condition is met.

mz.security.user.control.password.repetition.message

Default value: The password contains too many consecutive identical characters.

The message to be displayed for the user when the password contains too many identical characters in a row.

mz.security.user.control.password.username.message

Default value: The username may not be a part of the password.

The message to be displayed for the user when the username is contained within the password.

mz.security.user.control.password.history.message

Default value: The password may not be a recently used password.

The message to be displayed for the user when they are reusing a password that they have used before.

mz.security.user.control.password.extra.count

Default value: ""

The minimum number of characters for the extra user policy.

mz.security.user.control.password.extra.message

Default value: ""

The message to be displayed for the user when they did not meet the requirements of the extra user policy.

mz.security.user.control.password.extra.pattern

Default value: ""

The pattern of the permitted values. The password will be matched to the pattern to determine if the condition is met.

mz.security.user.control.password.extra.type

Default value: ""

The type that determines what the extra pattern will be. The value of this property can be set to regexp or none. Setting it to regexp means that the pattern must be a valid regular expression.
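
A sketch of how the count, pattern and message properties in the table combine for one candidate password, added here as an example; it is not the product's code. Assumptions: a rule is met when its pattern matches at least count times, [\\W_] is the escaped spelling of [\W_], and the username check ignores case; the name violations is hypothetical. The repetition and history rules are left out because the table gives only their messages.

```python
import re

P = "mz.security.user.control.password."
# Defaults copied from the property table above; "" means the rule is unset.
DEFAULTS = {
    "mz.security.user.control.enabled": "false",
    P + "length.count": "8",
    P + "length.message": "The password needs to be at least 8 characters.",
    P + "numcaps.count": "1",
    P + "numcaps.pattern": "[A-Z0-9]",
    P + "numcaps.message":
        "The password needs at least one capital letter or a number in it.",
    P + "special.count": "1",
    # Assumption: the table's [\\W_] is the escaped spelling of the regex [\W_].
    P + "special.pattern": r"[\W_]",
    P + "special.message":
        "The password needs to contain at least 1 special character(s).",
    P + "username.message": "The username may not be a part of the password.",
    P + "extra.type": "", P + "extra.count": "",
    P + "extra.pattern": "", P + "extra.message": "",
}


def violations(username, password, overrides=None):
    """Return the messages of the rules that a candidate password breaks."""
    cfg = {**DEFAULTS, **(overrides or {})}
    if cfg["mz.security.user.control.enabled"].lower() != "true":
        return []  # the password rules apply only when this property is true
    out = []
    if len(password) < int(cfg[P + "length.count"]):
        out.append(cfg[P + "length.message"])
    rules = ["numcaps", "special"]
    if cfg[P + "extra.type"] == "regexp":
        rules.append("extra")
    for rule in rules:
        count, pattern = cfg[P + rule + ".count"], cfg[P + rule + ".pattern"]
        # Assumption: a rule is met when its pattern matches at least `count`
        # times; re.ASCII keeps \W to the ASCII definition of a word character.
        if count and pattern:
            hits = len(re.findall(pattern, password, re.ASCII))
            if hits < int(count):
                out.append(cfg[P + rule + ".message"])
    # Assumption: the username comparison ignores case.
    if username and username.lower() in password.lower():
        out.append(cfg[P + "username.message"])
    return out
```

With the defaults and mz.security.user.control.enabled overridden to true, the constructed sample `password` breaks the numcaps and special rules, while `Summer_24` passes: one capital or digit satisfies numcaps and the underscore satisfies [\W_].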

...