Enterprise Operations EIE Security

There are two types of security that apply to the Enterprise Operations EIE.

Configuration Security

The first type is the device configuration security. As with other CygNet EIEs, this security controls who can view or edit the device properties, or delete the device from the Device Definition Service (DDS). The default security application is DDS and the event is ACCESS.

If desired, you can create a custom application/event for each Enterprise Operations device; however, this requires that you add the custom application/event to the Access Control Service (ACS) and assign users and their permission levels for each custom application/event.

Operation Execution Security

The second type is the security in place for the various services with which a given request may interact. For each Enterprise Operations device, you define the User ID against which the ACS will verify permissions. This User ID is also the ID that is recorded in Audit Service records.

Level 1: Input file system security

In order for an operation request to be accepted by the driver, the request file must be transferred to the input folder configured for each device instance. File system security configuration for this folder is the responsibility of the administrator.

Level 2: Operation enablement

Each device instance has a configured list of operations that are permissible. For each enabled operation, an ACS security application/event can be specified.

If a driver receives an operation request for an operation that has not been enabled, the operation will be rejected. If a driver receives an operation request for an operation utilizing a service that is not permitted, the operation will be rejected.

Level 3: Initial service security challenge

At the start of each operation execution, the device challenges service-level security before proceeding. The list of services to challenge is determined in the operation request.

Example

When executing a GetFacilityAttrList operation on the TEST.FAC service, the user must have read access to the TEST.FAC service for operation execution to continue.

There are three supported methods to specify the user for level 3 security challenges. Each device instance can be configured to accept the user ID through one of the following methods.

  • Accept a dynamic user ID in each request XML. If a request does not contain a user ID, the request will fail.
  • Hard-coded user for all operations. If a request contains a user ID, the request will fail.
  • UIS user ID for all operations.

Level 4: Native CygNet security

Native CygNet security checks that occur during operation execution use the user ID as determined in level 3.

Example

If the device is processing a request to add points to the Point Service (PNT) and the device is configured to use the ID “Acme\Duane.Bettancourt,” the ACS will verify that Duane.Bettancourt has permission to add points to the PNT and the Audit Service records will show that Duane.Bettancourt was the ID that added the points.

Level 5: Output file system security

Operation response files are placed in the output folder configured for each device instance. File system security configuration is the responsibility of the administrator.
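Levels 1 and 5 leave the folder permissions to the administrator, so it helps to review them periodically. The following PowerShell sketch is an added example, not CygNet code or vendor guidance: it lists identities that hold write access to the input folder, or read or write access to the output folder, and are not on an expected list. The folder paths and account names are placeholders chosen for illustration.

```powershell
# Added example: report NTFS "Allow" entries on a device's input/output folders
# that belong to identities outside an expected allow-list.
# All paths and account names are placeholders; substitute the folders configured
# for the device instance and the accounts that are meant to have access.
$InputFolder  = 'D:\EIE\Device01\In'      # placeholder
$OutputFolder = 'D:\EIE\Device01\Out'     # placeholder
$Expected = @(
    'NT AUTHORITY\SYSTEM',
    'BUILTIN\Administrators',
    'ACME\svc-eie-transfer'               # placeholder service account
)

$Rights = [System.Security.AccessControl.FileSystemRights]
# Rights that allow creating, altering or removing files, or changing the ACL,
# plus the raw GENERIC_WRITE (0x40000000) and GENERIC_ALL (0x10000000) bits.
$WriteMask = [int]($Rights'Write, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership') -bor
             0x40000000 -bor 0x10000000
# ReadData (list folder / read file contents), GENERIC_ALL, and GENERIC_READ (the sign bit).
$ReadMask  = [int]($Rights'ReadData') -bor 0x10000000 -bor [int]::MinValue

function Get-UnexpectedAce {
    param(
        [Parameter(Mandatory)][string]   $Path,
        [Parameter(Mandatory)][int]      $Mask,
        [Parameter(Mandatory)][string[]] $Allowed
    )
    # Deny entries are skipped; only grants outside the allow-list are reported.
    foreach ($ace in (Get-Acl -LiteralPath $Path).Access) {
        $granted = ([int]$ace.FileSystemRights -band $Mask) -ne 0
        if ($ace.AccessControlType -eq 'Allow' -and $granted -and
            $Allowed -notcontains $ace.IdentityReference.Value) {
            [pscustomobject]@{
                Path      = $Path
                Identity  = $ace.IdentityReference.Value
                Rights    = $ace.FileSystemRights
                Inherited = $ace.IsInherited
            }
        }
    }
}

# Input folder: anyone who can write here can place a request file (level 1).
# Output folder: response files land here, so both read and write access matter (level 5).
$findings = @(
    Get-UnexpectedAce -Path $InputFolder  -Mask $WriteMask -Allowed $Expected
    Get-UnexpectedAce -Path $OutputFolder -Mask ($WriteMask -bor $ReadMask) -Allowed $Expected
)
$findings | Format-Table -AutoSize
```

Entries reported with `Inherited` set to `True` come from a parent folder, so they have to be corrected there or by disabling inheritance on the device folder.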

See Enterprise Objects Security for further information.

© 2020 Weatherford. All rights reserved.