User's Manual

19
USER MANAGEMENT
User management in 7signal Sapphire is based on user groups. A user's access rights in the
system derive from the user group that the user belongs to. A user may only belong to one
user group at a time.
In addition to normal user management, the Sapphire system supports user-group-specific
view virtualization. The system can be configured so that different user groups have access
to different objects that have been created in the system. For instance, one user group
may have access to all objects and two subgroups of that group may only have access to a
portion of all objects. It is also not necessary for the subgroups to have access to any of the
same objects.
User management is also restricted in the same manner as object management. An
administrator user only has access to the users created by him-/herself in addition to any
users belonging to the same administrator group he/she belongs to.
Users belonging to the Sapphire admin group have access to the entire system.
User groups and object permissions
Almost every object created in the Sapphire system includes an access control list (ACL). An
object's ACL is mainly determined by the user group of the user that creates the object in
question.
Note that objects are also created through automatic testing. For example, access points,
wireless clients and alarms are created this way. Objects created as a result of automatic
testing inherit their ACL from the Eye that conducted the test.
The Sapphire system also includes the functionality to transfer access rights of objects from
one user group to another.
User group hierarchy
The Sapphire system supports two types of user groups: normal user groups and referencing
user groups.
A normal user group can be created either as a new root group or as a subgroup to an
already existing user group. When new groups are created as subgroups under an existing
user group, the existing group inherits access rights to all objects that its subgroups have
access rights to. This inheritance rule applies to the whole user group hierarchy, meaning
that the root user group in a hierarchy gets access rights recursively from all subgroups.
Access rights of referencing user groups are not inherited in this way.
A referencing user group can be created for any group except the Solution Administrator
group. A referencing user group always has the same access rights as the user group it
references. The only difference is that a referencing user group cannot be granted the same
access level as the group it references. A common use for a referencing user group is to have
it reference, for example, an organization’s configuration group. This way the referencing
group’s users can view the configuration group’s objects, but cannot configure the system.
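
The hierarchy rules above can be checked with a small model when auditing which groups reach which objects. The following is an added example, not code from the Sapphire product: the Group class, the two-step VIEW/CONFIGURE scale, and all group and object names are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from typing import Optional

VIEW, CONFIGURE = 1, 2  # assumed two-step access-level scale


@dataclass(eq=False)
class Group:
    name: str
    level: int
    parent: Optional["Group"] = None      # normal subgroup link
    references: Optional["Group"] = None  # set only on a referencing group
    acl_objects: set = field(default_factory=set)  # objects whose ACL names this group
    children: list = field(default_factory=list)

    def __post_init__(self):
        ref = self.references
        if ref is not None:
            if ref.name == "Solution Administrator":
                raise ValueError("the Solution Administrator group cannot be referenced")
            if self.level >= ref.level:
                raise ValueError("a referencing group needs a lower level than its target")
        if self.parent is not None:
            self.parent.children.append(self)


def visible_objects(group: Group) -> set:
    """Objects the group can reach under the hierarchy rules described above."""
    if group.references is not None:
        # A referencing group sees exactly what the referenced group sees.
        return visible_objects(group.references)
    objs = set(group.acl_objects)
    for child in group.children:
        # Rights flow upward from normal subgroups only, recursively to the root.
        if child.references is None:
            objs |= visible_objects(child)
    return objs


def can_configure(group: Group, obj: str) -> bool:
    return group.level >= CONFIGURE and obj in visible_objects(group)


# Constructed sample hierarchy (all names are made up).
root = Group("org-root", CONFIGURE)
site_a = Group("site-a-config", CONFIGURE, parent=root, acl_objects={"eye-1", "ap-17"})
site_b = Group("site-b-config", CONFIGURE, parent=root, acl_objects={"eye-2"})
viewers = Group("site-a-viewers", VIEW, parent=site_b, references=site_a)
```

In this model, adding a normal subgroup widens the reach of every ancestor up to the root, while a referencing group placed under site-b-config adds nothing to that group's reach.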