If your organization uses Microsoft Active Directory (AD), you can give an AD group a specific set of permissions in the Synthesis repository. The members of the AD group can then access the database based on the set of permissions associated with the group.
In addition, the software offers the option to automatically update the permissions of a user whenever that user is added or removed from an AD group. For example, if a user is moved from AD group A to AD group B, his/her Synthesis user account can be automatically updated with the permissions associated with AD group B. The changes will take effect the next time the user connects to the database via any of the Synthesis desktop applications. (Note that for users who will connect only via the Synthesis Enterprise Portal (SEP) website, you’ll need to update their permissions manually either via a desktop application or the Synthesis Admin tool on the web server.)
Tip: Multiple security groups can be assigned to the same user account, if appropriate. For example, a user can be assigned to the "ABC Team" group (which is associated with Active Directory) and the "Read-Only" group (which is not). (See Planning Your Security Approach.)
To associate a Synthesis security group with an Active Directory group, choose File > Manage Repository > Authorized Users and click the Security tab. Then double-click the security group you want to edit.
In the Edit Security Group window, select the Associate this security group with Active Directory check box, and then specify the domain name and Active Directory group to use. There are two additional options, which apply only when users log in from a Synthesis desktop application:
Automatically update this security group's members. If a user is added to the AD group, his/her Synthesis user account will automatically have this set of permissions the next time the user logs in to the database via any of the Synthesis desktop applications. Likewise, if the user leaves the AD group, his/her Synthesis user account will no longer have this set of permissions.
If you do not want the changes in Active Directory to be automatically applied to a particular user, clear the Update security groups upon login check box in that user's account in the Synthesis repository.
Automatically create new user accounts on first login. If a member of the AD group does not already have a Synthesis user account, it will be created automatically (and assigned to this security group) the first time he/she tries to connect via any of the Synthesis desktop applications.
If you don’t want to wait for all users to log in before creating/updating their Synthesis user accounts, click Assign.
To create new accounts, choose Import users who are members of this Active Directory group. This opens the Import Users from Active Directory window, but you can only choose users from the associated Active Directory group.
To update the security groups for existing accounts, choose Assign existing repository users who are members of this Active Directory group. This shows a list of existing Synthesis users who also belong to the associated Active Directory group; you can select to update any or all of their accounts.
© 1992-2016. ReliaSoft Corporation. ALL RIGHTS RESERVED.
E-mail Link |