Ricoh InfoPrint Pro C900AFP InfoPrint Manager - Page 49
Security groups, helpdesk, Important, acl_admin, Administrator, myuserid, admin, Job Ticketer
View all Ricoh InfoPrint Pro C900AFP manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 49 highlights
Security groups No matter what size organization you work in, manually adding every user to every ACL can be a time-consuming process. To reduce some of the work, you can create security groups, groups of users who need to have the same levels of permission for the same objects. You use the name of the security group like a user ID; instead of adding each user ID to an ACL, you add the group name. For example, if you want all of your help desk operators to be able to perform the same operations, create a group and name it helpdesk. Then, add helpdesk to the appropriate ACLs. Important: All fields, such as User IDs, group names, hostnames, and DNS suffixes, are case sensitive. When you install InfoPrint Manager, three security groups are created by default: v acl_admin- Users who have authority to manage security by changing access control lists and groups. The default members are Administrator@* and the user who was logged on when InfoPrint Manager was installed (for example, myuserid@*). v admin- Users who have administrator authority. The default members are Administrator@* and the user who was logged on when InfoPrint Manager was installed (for example, myuserid@*). v oper- Users who have operator authority. The default member is Administrator@*. Note: 1. If you have installed InfoPrint Job Ticketer as part of the Print-on-Demand feature, the Job Ticketer group is created. Unlike the other groups, there are no default users created during installation. See InfoPrint Job Ticketer: Administrator's Guide for more information. 2. You can modify these groups as needed. In the example above, you could have simply added the help desk operators to the default oper group and modified any permissions that weren't set to the level that you wanted them. 3. The default group members contain the wildcard character (*) for greater flexibility. See below for more information about wildcarding. If you do not want the Administrator user on other systems to be able to administer InfoPrint Manager, replace the * with the explicit address of the system that the InfoPrint Manager server is installed on, for example [email protected]. You can add users to multiple groups, but you cannot make one group a member of another group. For example, if you hire five new print operators, you might create a group for them called trainees, since you only want them to have limited permissions until they are finished with their training. When they finish their training, you cannot add trainees as a member of the operators group. You will have to add their user IDs to the operators group one at a time. In addition, you will have to either delete the trainees group or delete the members from it- otherwise those users will have conflicting levels of permission. When users are members of more than one group and each group has a different level of permission for a particular object, the most restrictive permission applies. In the example above, if you forgot to remove the new employees from the trainees group at the end of their training, they wouldn't be able to perform the tasks their job required- they would still be restricted. Chapter 7. Managing security 31