Network Router User Manual

32 DOMINION KX USER GUIDE
Users, Groups, and Access Permissions
Overview
The device stores an internal list of user and group names to determine access authorization and
permissions. This information is stored internally in a hashed / encrypted format.
Note to CC-SG Users
If you are using Dominion KX in a CommandCenter Secure Gateway configuration, this section
of the User Manual does not apply to you. When the device is controlled by CommandCenter
Secure Gateway, CC-SG determines the allowed users and groups. Please see the
CommandCenter Secure Gateway User Guide, Administrator Guide, or Deployment Guide
at
http://www.raritan.com/support/sup_prdmanuals.aspx#com for additional information.
Note to Raritan Customers Upgrading from Previous Firmware Versions
If you previously configured Raritan products such as Dominion KSX and IP-Reach running
legacy firmware versions earlier than v3.2, read this entire section carefully
. Beginning with
firmware version v3.2 and above, the implementation of users and groups has changed
significantly to provide more flexible and powerful configurations.
Relationship between Users and Group Entries
You may want to organize users in your device into groups. Assigning users to groups saves time
by allowing you to manage permissions for all users in a group at once, instead of managing
permissions on a user-by-user basis.
User information helps in authenticating users accessing your KX unit. Upon successful
authentication, the device uses Group information to determine the user’s permissions – which
server ports are accessible, whether rebooting the unit is allowed, and other features.
You may choose not to associate specific users with groups. In this case, the KX unit classifies
the user as “Individual.”
The user list on the left side of the screen displays both User and Group names created for the
device. Users belonging to a Group are nested under their group name.
User Groups
Every Dominion KX unit has three default user groups, which cannot be deleted:
ADMIN User group for original, factory-default administrative user.
NONE Permissions defined for this group are employed for a user when your
Dominion KX is configured for remote authentication via LDAP or RADIUS
(see next section), and a login attempt is successful but no user group is returned
by the remote authentication server.
UNKNOWN Permissions defined for this group are employed for a user when your
Dominion KX is configured for remote authentication via LDAP or RADIUS
(see next section), and a login attempt is successful but the user group returned
by the remote authentication server is not found in Dominion KX.
In addition to these three default groups, there is an “Individual” type of group that is built into
the Dominion KX. This is used for a given user to have its own group, separate from other
groups.