User Administration of Group Member Access
Administrators can give workstation users the partial ability to manage access control for custom groups.
Self-administration of group member access gives rights to non-administrators to add and delete members in a custom group. The administrator creates a User List file and sets up group access in the Access Control.cfg file for the new group members.
Accessing the Servers Manager
Setting up the User List file and synching it with the Communications.cfg file is done in the Servers Manager workspace.
-
On the worktop, click the Admin tab > Dataset and Profile tab.
-
Open the Servers Manager workspace.
-
Right-click >your server name> in the diagram and select Files.
The server files will open in a table with columns File,
<server name>
, and Temp. -
Make Local by right-clicking in the server column of a server file (for this feature Access Control and Components/Communications.cfg).
A white checkmark will appear in the Temp column. You can edit in the Temp folder. Then right-click the checkmark and Save To the server. (It turns red when synched with server).
Create a User List.cfg file
The administrator needs to create a User List.cfg file in the Access Control folder.
-
Right-click** Access Control** row in the Temp column and select Open > Folder.
The Access Control folder in the Temp folder will open listing a single Access Control.cfg file.
-
Add another text file to this folder and name it User List.cfg (next to the Access Control.cfg).
-
Add the following parameters to the User List.cfg file.
The User List file should contain a vector of AccessGroup objects, and each AccessGroup object should have a name and a vector of strings called Members.
Access Control Groups = vector: 1 items
0 = AccessGroup:
Name = string: Group 1
Members = vector: 1 items
0 = string: CN:Joe User
You can then edit and add users this in the Workstation view of the User List.cfg file.
Here’s the most basic parameters to add to the User List.cfg file. The Members can then be added in the Workstation view.
Access Control Groups = vector: 1 items
0 = AccessGroup:
Name = string:
Members = vector: 0 items
The Name field in each Access Group will be referenced within the Access Control.cfg file.
Set up the Communications.cfg file
An administrator first enables this feature by opening the Components > Communications.cfg file and adding a new key with the name Access Control User List File. The string value of this key is the path where this new file will be located.
-
From the server files, click Components and right-click the checkmark in the server column. Click Make Local.
A white checkmark will appear in the Temp column.
-
Right-click the checkmark in the Temp column and select Open > in Workstation.
-
In the Communication.cfg file, right-click component and select Add Custom Key.
-
Type the Name as Access Control User List File and set Of Type as String.
note note NOTE You cannot create the new list file as a Path. To remedy this, you need to save the file, open it in an editor (Notepad), and change “String” to “Path”: Before:
code language-none component = CommServer: Access Control File = Path: Access Control\\Access Control.cfg Access Control User List File = <string>: Access Control\\User List.cfg
After:
code language-none component = CommServer: Access Control File = Path: Access Control\\Access Control.cfg Access Control User List File = <Path>: Access Control\\User List.cfg
-
Save the Communications.cfg file and (if necessary) save it to the server. This will restart components in the server to make sure you haven’t made any mistakes that could prevent the Communications.cfg file from being parsed.
-
If your system includes processing servers, modify the configuration file in the Components for Processing Servers.cfg file.
-
Right-click Communications.cfg and save to server.
The Data Workbench administrator can now confirm that the intended user(s) have access to the user list file and allow the users to manage the group. The user(s) will be able to open the User List file, edit it, and add and remove CN or OU members as needed.
Synch up the Access Control.cfg file
The administrator can then edit the Access Control.cfg and insert references to the group(s) defined by the User List file.
The references to the group(s) should be inserted just like any other member, but with the following syntax:
$(Group Name)
Where “Group Name” matches what’s defined in the user list file, including white spaces.
At this point the Data Workbench administrator can confirm that select group users have access to the user list file. The select users can then open the User List.cfg file, edit it, and add and remove CN or OU members as needed.