Access Control List

The access control list performs identification, authentication and accountability of entities through login credentials, including passwords. Access can be provided for data (Tier, Project, Sub-Project), for features, for favorites, and for data density. These access rights are defined in Capabilities, which can be assigned to a group of users. Access control is a security technique that regulates who or what can view or use resources.

Different Access Levels

  • Access to the first level of the metric hierarchy (mostly Tier).
  • Access to Project/Sub-Project.
  • Read/write access to features for advanced users.

The User Management window contains different tabs, such as User, Group, and Capabilities. A user with the Admin capability can manage Users, Groups, Capabilities and Projects. Other users can view this information but cannot change anything. A user with the Admin capability can change the password of any user. The system supports two kinds of users:

  • Users created locally in the system
  • Users available in the LDAP server

Access control makes use of the following entities:

  • User
  • Group
  • Capabilities
  • Projects, Sub-Projects

User

A User is the identity with which a person logs in. It contains the User ID, Password, Name, Email, Mobile, etc. A user can be authenticated by LDAP if LDAP settings are enabled.

The User tab displays the users, along with the group(s) and capabilities assigned to each user. All the users created are displayed on the left-hand side of the window. The adjoining column shows whether each one is a local user or an external (i.e. LDAP) user, with the DN for LDAP users. A user with the Admin capability can view native and LDAP users. Native users are displayed automatically. More groups and capabilities can be added to the selected user.

Add New User

A new native user can be added by providing user details such as name, email, phone, and password. In addition, the user can be assigned to Group(s) and Capabilities. Other than admin, no other user can add a new user. On the User Management window, click the icon on the left. The User Details section is displayed, where details of the user, such as name, email, phone and password, need to be specified.

LDAP Settings

The LDAP server setting requires parameters to be specified for LDAP authentication. (LDAP is discussed later.)

Group

A Group denotes a group of users. For example, a department such as HR or Accounts has many users, so a group can be created for it and all those users assigned to that group. Handling users this way makes it easier to change access.

Each group can have multiple users. Each group can also have access to multiple capabilities. If multiple capabilities are assigned to one group, the result is the union of what they allow.

Case 1: If capability1 has access to Tier1 and capability2 has access to Tier2, then for Team Leads both capabilities can be assigned to give access to both tiers.

Case 2: If a user who has capability2 access is going on leave, capability2 can be assigned to another user in addition to that user's own capabilities.

A user with the Admin capability can add/edit/delete native groups. There are LDAP groups too, which can be imported from the LDAP server. On the Group Management window, the left-hand side displays the groups available. The right-hand side displays the list of users and capabilities assigned to the selected group. A group can have multiple users and multiple capabilities. By clicking the respective '+' button, more users and capabilities can be assigned to the selected group.

Creating a Group

On the Group Management window, click the icon. The Group Details section is displayed, where the group details need to be provided.

Assign Users to Group

Click the icon within the Users section. The Add Users window is displayed. Select the user(s) from the list and click the Attach button. The user is attached with that group and displayed in the Users list.

Capabilities

Read All:

Users with this capability have read-only access to all tiers, all projects/sub-projects and all features. They cannot write anything; for example, they cannot add/update any favorite, cannot add rules, etc.

Read Write All:

Users with this capability have read and write access to all tiers, all projects/sub-projects and all features, except for a few features that are accessible to Admin only.

Admin:

In addition to read/write, users with this capability have additional access, such as add/update/delete of users/groups/projects and the Audit log for all users.

Business:

Users with this capability have read-only permissions, and many other features, such as metric tree and compare, are disabled. A user is able to configure the features and favorites available to a Business User.

Custom:

A user can also create new Custom Capabilities. The user can give mixed read/write permissions to the first level of the metric hierarchy (mostly Tier). For example, the user can give write permission to Tier1 but read-only permission to Tier2.

Projects, Sub-Projects

In addition, a Project/Sub-Project needs to be assigned to the capability. A few objects, such as scripts and scenarios, are not associated with the metric hierarchy but belong to one project/sub-project. Objects under a project/sub-project can be viewed/edited through any capability that has access to that project/sub-project.
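The union rule from the Group section (Case 1 and Case 2), the mixed tier permissions of a Custom capability, and the project-based authorization of scripts and scenarios can be modelled together. The sketch below is an added example, not the product's code: the data model, the capability, group, user and project names, and the rule that write implies read are assumptions made for illustration. It also records which capability granted each right, which is what a reviewer needs when checking what a temporary assignment such as Case 2 actually opened up.

```python
from dataclasses import dataclass

RANK = {None: 0, "read": 1, "write": 2}   # assumption: write implies read

@dataclass
class Capability:
    name: str
    tiers: dict                            # tier name -> "read" or "write"
    projects: frozenset = frozenset()      # projects/sub-projects it covers

# Constructed sample data; every name here is illustrative.
CAPS = {c.name: c for c in (
    Capability("capability1", {"Tier1": "write"}, frozenset({"ProjA"})),
    Capability("capability2", {"Tier2": "write"}, frozenset({"ProjB"})),
    Capability("custom_mixed", {"Tier1": "write", "Tier2": "read"}),
)}
GROUP_CAPS = {"TeamLeads": ["capability1", "capability2"]}
USER_GROUPS = {"lead": ["TeamLeads"], "analyst": []}
USER_CAPS = {"lead": [], "analyst": ["custom_mixed"]}

def effective_access(user, user_caps=USER_CAPS):
    """Union of capabilities held directly and through groups.
    Returns ({tier: (level, granted_by)}, {project: granted_by})."""
    names = list(user_caps.get(user, []))
    for group in USER_GROUPS.get(user, []):
        names += GROUP_CAPS.get(group, [])
    tiers, projects = {}, {}
    for name in names:
        cap = CAPS[name]
        for tier, level in cap.tiers.items():
            if RANK[level] > RANK[tiers.get(tier, (None, None))[0]]:
                tiers[tier] = (level, name)    # most permissive grant wins
        for project in cap.projects:
            projects.setdefault(project, name)
    return tiers, projects

def allowed(user, tier, action, user_caps=USER_CAPS):
    tiers, _ = effective_access(user, user_caps)
    return RANK[tiers.get(tier, (None, None))[0]] >= RANK[action]

def can_access_object(user, project, user_caps=USER_CAPS):
    """Scripts/scenarios are authorized by project, not by tier."""
    _, projects = effective_access(user, user_caps)
    return project in projects

# Case 2: capability2 is added to the analyst's own capabilities as leave cover.
COVER = {**USER_CAPS, "analyst": ["custom_mixed", "capability2"]}
```

Comparing `effective_access("analyst")` with `effective_access("analyst", COVER)` shows the rights added by the cover assignment, which are the ones to withdraw when the original holder returns.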