Each role can include and exclude specific user names and digital IDs. If you use native operation system authentication, you can also include and exclude operating system group names; all users in the specified group are affected.
Assigning authorized users to a role of a component or a
package
Double-click the component or package to which the role belongs.
Highlight the Roles folder.
Double-click the role to which you want to add authorized users.
Highlight the Authorized User folder.
Select File | Add Authorized User.
Enter the name of the authorized user in the dialog, and click Add Authorized User. On Windows, you can provide the name of the domain as part of the authorized user name; for example, \\domain_name\user_name. The user is authenticated using the domain name controller for that domain.
The user’s name appears on the right side of the window when you highlight the Authorized Users folder.
To remove an existing authorized user, highlight the member and select File | Remove Member.
Assigning authorized groups to a role of a component or a
package
Double-click the component or package to which the role belongs.
Highlight the Roles folder.
Double-click the role to which you want to add authorized groups.
Highlight the Authorized Group folder.
Select File | Add Authorized Group.
Enter the name of the authorized group in the dialog, and click Add Authorized Group.
The group’s name appears on the right side of the window when you highlight the Authorized Groups folder.
To remove an existing authorized group, highlight the member and select File | Remove Member.
The users and groups of a role are mapped to operating
system users and groups. To validate users and groups, you must
click Enable User and Group Validation from the server’s
Security property sheet. You can only add validated groups to roles.
When Enable User and Group Validation is disabled, package and component
authorizations stop at the user level. There is no attempt to check
group level authorization.
Assigning authorized digital IDs (certificates) to a component
or a package
Double-click the component or package to which the role belongs.
Highlight the Roles folder.
Double-click the role to which you want to add authorized digital IDs.
Highlight the Authorized Digital IDs folder.
Select File | Add Authorized Digital ID.
A list of digital IDs appears. Double-click the name of the digital ID that you want to authorize, and click Add Authorized Digital ID.
Only certificates that appear in the EAServer Manager | Certificate folder | User Certificates folder and Other Certificates folder can be authorized. This requires that you install the certificate using EAServer Manager | Certificate folder. See Chapter 14, “Managing Keys and Certificates” for more information.
The user’s name appears on the right side of the window when the Authorized Digital IDs folder is highlighted.
To remove an existing authorized digital ID, highlight the member and select File | Remove Member.
You can verify, export, or view information about an authorized digital ID by highlighting the digital ID and selecting the corresponding option from the file menu. See Chapter 14, “Managing Keys and Certificates” for more information about these options.
Excluding users from a component or a package
Double-click the component or package to which the role belongs.
Highlight the Roles folder.
Double-click the role from which you want to exclude users.
Highlight the Excluded User folder.
Select File | Add Excluded User.
Enter the name of the excluded user in the dialog, and click Add Excluded User. On Windows, you can provide the name of the domain as part of the excluded user name; for example, \\domain_name\user_name. The user is authenticated using the domain name controller for that domain.
The user’s name appears on the right side of the window when the Excluded Users folder is highlighted.
To remove an existing excluded user, highlight the member and select File | Remove Member.
Excluding groups from a component or a package
Double-click the component or package to which the role belongs.
Highlight the Roles folder.
Double-click the role from which you want to exclude groups.
Highlight the Excluded Group folder.
Select File | Add Excluded Group.
Enter the name of the excluded group in the dialog box, and click Add Excluded Group.
The group’s name appears on the right side of the window when you highlight the Excluded Groups folder.
To remove an existing excluded group, highlight the member and select File | Remove Member.
Excluding digital IDs (certificates) from a component or
a package
Double-click the component or package to which the role belongs.
Highlight the Roles folder.
Double-click the role from which you want to exclude digital IDs.
Highlight the Excluded Digital IDs folder.
Select File | Add Excluded Digital ID.
A list of digital IDs appears. Double-click the name of the digital ID that you want to exclude, and click Add Excluded Digital ID.
Only certificates that appear in the EAServer Manager | Certificate folder | User Certificates folder and Other Certificates folder can be excluded. This requires you to install the certificate using EAServer Manager | Certificate folder. See Chapter 14, “Managing Keys and Certificates” for more information.
The user’s name appears on the right side of the window when the Excluded Digital IDs folder is highlighted.
To remove an existing excluded authorized digital ID, highlight the member and select File | Remove Member.
You can verify, export, or view information about an excluded digital ID by highlighting the digital ID and selecting the corresponding option from the file menu.
