At the core of the CygNet security architecture is an Application. An Application is a software component such as a CygNet service, software application, record in a service, or data group.
The tasks that a user performs involving an Application are governed by one or more Events. An Event may apply to a single task, such as acknowledging an alarm, or a collection of tasks, such as adding, editing, or deleting a record.
Security is configured at the Event level by assigning one or more Permissions to an Event. A Permission is a user ID and an authorization level for that ID. The authorization level determines which tasks, if any, governed by the Event the user(s) may perform.
The ID can be a Microsoft Windows logon ID, an Active Directory group, or a CygNet Group.
The ACS resolves security by compiling a list of all Security IDs for each Application and Event. (CygNet Groups and Active Directory groups are resolved down to the user level.) This information is cached by the ACS. The cache is checked every 30 minutes. If your security implementation contains Active Directory IDs and the ACS cannot contact the Active Directory server, it cannot modify the cache. In such cases, any Active Directory IDs that cannot be resolved are ignored. If the ACS shuts down its cache clears. See Using Active Directory with the ACS.
|
|
|
