Versions Compared

Old Version 10

changes.mady.by.user Chooi San Chong

Saved on

compared with

New Version Current

changes.mady.by.user Kevin Wu

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Note
titleNote!
  • By default, members of the predefined group Administrator have full permissions for the Access Controller. You can enable these permissions for other groups as well.
  • When no members belong in the Administrator group, all users with full permissions for the Access Controller will have Administrative access.
  • It is not possible to disable or delete the last active user with full permissions for the Access Controller. This is to prevent system lockout.
  • Members that are not part of the Administrator group will not be able to remove or modify the Administrator group and any of its group members.
  • Only one user may use the Access Controller with write permissions at any given time.
  • It is not possible to delete the last group with members that have full permissions for the Access Controller. This is to prevent system lockout.

  • By setting the Platform property mz.security.user.restricted.login to true, access is restricted to one login for each interface type:

    • Desktop

    • Web Interface

    • Command Line Tool mzsh

  • It is possible to use SCIM via the REST HTTP interface to POST, GET, DELETE, PUT and PATCH user and group configurations.
  • By default, MZ installation is installed done with Platform property mz.userserver.filebased = True set to truewhere Access Controller data is stored in files under the $MZ_HOME directory, so it is important that the read/write permissions for $MZ_HOME are given only to authorized unix users or unix user groups.

To open the Access Controller, click the Tools button in the upper left part of the Desktop window, and then select Access Controller from the menu.

...