|
Security
Q. Can you tell me what kind of security features are employed by
NetConsole/Timesheet ? More specifically, is it possible to set up
security contexts on the CF server to control access to the software?
A. Our NetConsoleTM/Timesheet uses NetConsole/iGate as the security
access control and navigation system, which is designed specifically for
Intranet applications
We have adopted the Dynamic Component Design as the basis for defining
"Who Gets to See What" and "Who Gets to Do What". First you define the Users
and the Groups, and assign users to groups. Then you assign Groups to
different business components, such as Module and Functions on our two top
menu bars. Depending on which group(s) you have been assigned to, you will
see and use only the modules and functions according to that group's
privileges. The security is tied down to the web page level. All of these
security access controls and the navigation system use single login to
authenticate the user's group privileges. All of this is managed by an
administrator using web interfaces in NetConsole/Timesheet's SysAdmin module.
This Dynamic Component Design is independent of Cold Fusion's security's
context, and is independent from the NT file and directory security as well.
You don't need to create CF security context to use NetConsole/Timesheet,
even though NetConsole/Timesheet is a Cold Fusion-based application.
Q. Can we authenticate against the LDAP server ?
A. Customization is required to modify the system
autheneication method to use LDAP.
Q. The group based security is probably more
complicated than we need. Is it possible to bypass this?
A. The Group access control is designed to help you
define different Groups to get access to different areas in the application.
Without the Group Access Control, all of your users will have the equal
rights to access and manipulate the system. You can always drop the Group
Security by letting everyone in the SysAdmin group.
|
