Role System
A role connects multiple Windows groups and users with multiple permissions
The Role System is located in the Administrator Backend.
Warning
A user who is not a member of any role cannot log into SpaceObServer Web Access. Ensure all users are assigned to at least one role to grant them access.
The following permissions are defined in the SpaceObServer Web Access:
| Permission | Description |
|---|---|
| Has access to the Administrator Backend. | Members of this role have access to the Administrator Backend. |
| Show also data where the logged in user is not the owner and ignore the ACL filter. | If the checkbox is deactivated and the ACL for a scan is activated, the visible data is filtered by the ACL. If the checkbox is deactivated and the ACL is deactivated, users can only see data they own. If the checkbox is activated, all data is visible to members of this role. |
| Show the tab Users. | Toggles the visibility of the Users tab. |
| Allow showing checkboxes in the directory tree. | Members of this role can enable checkboxes in the directory tree. It is possible to mark folders and files for cleanup purposes. |
| Start scans | Users receive an additional entry in the context menu of the directory tree to start a scan. |
Default roles
SpaceObServer Web Access provides default roles with recommended configurations:
| Role | Description |
|---|---|
| Administrator | The Administrator role has all permissions to administrate the software. |
| Normal | Members can see all data, but cannot access the administrator page. |
| Restricted | Members have restricted access to the data and cannot access the administrator page. |
It is possible to create custom roles. The roles Normal and Restricted can be deleted. The role Administrator cannot be deleted.
Groups of the Active Directory are Cached
After login (authentication), SpaceObServer Web Access automatically handles the authorisation of the user. To do so, it requests the groups of the logged-in user from the Active Directory and caches them. If the user's group membership in the Active Directory changes during the caching period, the new group membership may not yet be in effect when the user logs in a second time, because on that second login the groups are loaded from the cache rather than from the Active Directory.
Tip
You can clear this cache in the Administrator Backend in the Information tab.