Versions Compared

Old Version 15

changes.mady.by.user Andrew Ewe

Saved on

compared with

New Version Current

changes.mady.by.user Andrew Ewe

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Access Controller - Access Groups tab

Setting

Description

Name

Enter the name of the group. Valid characters are: A-Z, a-z, 0-9, '-' and '_'.

Description

Descriptive information about the group.

Allow Access Through SCIM

Check to enable access through SCIM API.  Refer SCIM

Application

This column is a list of all applications in the system.

Execute

Select to enable the members of the access group to start an instance of the relevant application. Clear to prohibit the access group members from using it.

Write

Check to enable the members of the access group to edit and save a configuration within the relevant application.

Note

Note!

When access group A is granted Write access to an application, if any of the configuration related to the application has their permission set to access group B, members of access group A that are not members of access group B will not have any permission to work on the configuration. For more information on how to set access groups in your configuration, refer to the  Permission Tab under Build View.

Checking Write for Data Management and Tools & Monitoring features will allow members of the access group to manipulate the data contained within.

Clear to prohibit the user from doing so.

Application Category

A drop down menu that allows the user to filter on application type. Options are All, Configuration, Inspection, Tools, Web Interface or Web API.

Select All

Enables Write (if applicable) and Execute for all permissions in the chosen category.

Deselect All

Disables Write and Execute for all permissions in the chosen category.

For information about how to modify configuration permissions, see Configuration Browser.
 

...

You use the Advanced tab to specify the number of consecutive erroneous login attempts permitted by a user, enable logging in the System Log when a user fails to login to  , and configure user authentication by selecting the relevant authentication method.

...

image-20240725-025831.pngImage Added

Options

Description

Login

Number of Consecutive Erroneous Login Attempts

In order to configure the maximum number consecutive failed login attempts, open the Advanced tab, and set a value in Number Of Consecutive Erroneous Login Attempts.

The default is 3. 

This feature is only enabled when Enhanced User Security is activated. When the maximum number of failed login attempts is reached

, the user must restart the Desktop. If enhanced user security is enabled

,the user account is

also

locked

/disabled

.  Refer Enhanced User Security

When user account is locked, the

admin needs to “Enable User

password settings for the user account must be updated in the Users tab, unless Enable Automatic Unlocking Of Users is selected.

Enable Logging for User Login

In order to configure the system to log failed attempts in the System Log, open the Advanced tab, and select the check box Enable Logging For User Login. Successful logins and locked accounts are always logged regardless of this setting.

Enable Automatic Unlocking Of Users

This checkbox is available when enhanced user security is enabled.  Refer Enhanced User Security

Select this check box to automatically unlock accounts that have been disabled due to failed login attempts. Accounts that have been manually disabled from the Users tab are not affected by this setting.

Time Before Automatic Unlocking (Minutes)

This field is enabled when checkbox for Enable Automatic Unlocking Of Users is checked.

Enter the time that should pass before a locked account is automatically unlocked by the system.

The minimum value is 1 minute.

Authenthication

Reauthenticate Users after Inactivity

In order to configure the system to reauthenticate users after a period of inactivity in the Desktop or mzcli shell (interactive mode), open the Advanced tab,  and select the check box Reauthenticate Users After Inactivity.

Time Before Reauthentication (Minutes)

This field is enabled when checkbox for Reauthenticate Users After Inactivity is checked.  

Set the maximum inactive time here.

In the Desktop, the duration of time that the user does not perform any actions is counted as inactive time, regardless of ongoing processes. However, users are not logged out due to inactivity, but must authenticate again in order to continue the session.

In the mzcli shell, the duration of time that the user does not press any key is counted as inactive time, provided that there is no ongoing command execution. Users are logged out as a result of inactivity and are prompted to enter the password again.

Authentication Method

There are two selections available in this dropdown list: Default, LDAP.

User authentication is by default performed in . As an alternative, you can connect Image Modified  to an external LDAP directory for delegated authentication. This facilitates automation of administrative tasks such as creation of users and assigning access groups as mentioned in LDAP Authentication

By selecting LDAP, more fields for LDAP settings will be displayed.