In the IGEL UMS, you want to assign permissions or roles to administrators according to various responsibilities.
In the IGEL UMS, you can create user or administrator accounts, and you can assign rules to them, but it is not possible to assign roles.
You would like to group administrators according to their tasks in order to achieve a clearly structured management of user rights.
Within your company you already maintain employee accounts using an Active Directory or LDAP.
As best practice, we suggest connecting the UMS with the user accounts of the Active Directory. You maintain the user and group accounts in the Active Directory only. In the UMS, you assign rights to the imported groups.
Transferring Active Directory groups to the UMS and assigning permissions and roles to them:
Click UMS Administration > Global Configuration > Active Directory / LDAP to integrate your Active Directory.
In the UMS console click System > Administrator accounts > Import, to import groups from the tree of your Active Directory.
Assigning roles to groups in the IGEL UMS on the basis of authorization rules:
- Click System > Administrator accounts > Groups > Edit to directly assign general group rights.
- Assign object-related access rights via object permissions, choosing Access Control in the context menu of any object.
This way, you can assign certain roles to administrators of the UMS according to their group memberships.
- Permissions are inherited from a parent directory to a child directory or to a subordinated object.
- It is possible to change indirect rights, i.e. rights which are given by group assignment. However, directly assigned rights take precedence over indirectly assigned rights.
- An administrator can be a member of different groups and receives the corresponding rights. If they are contradictory, the deprivation of a right takes precedence over the permission. If a prohibition for an action or an object of a group is issued, it will override any number of rights from other groups.
- Click Effective Rights to get more details about the rules collection, for example if a permission was given directly or if it was assigned by a group or by an inheritance within a tree structure.