Control user access to Web interface
In Adaxes, access to directory objects is controlled by security roles. Adaxes Web interface changes dynamically based on the permissions of the currently logged on user. For example, if a user doesn't have the permission to perform an operation, the operation will not be available and even visible for them. If a user isn't allowed to view an object, the object will never be displayed in the Web interface.
For details on how to disallow users to view certain directory objects, see Hide directory objects from users.
In addition to controlling access with the help of security roles, you can completely disallow specific users or groups to use a Web interface. For example, you may not want members of the Administrators group to use a Web interface hosted in the DMZ.
-
Open Adaxes Web interface configurator.
How
-
On the computer where Web interface configurator is installed, open Windows Start menu.
-
Click Adaxes Web Interface Configurator.
To configure the Web interface, you need to have the appropriate permissions.
Permissions
The permissions to configure the Web interface are delegated via security roles. By default, only service administrators have the appropriate permissions. To enable other users to configure the Web interface, grant them the corresponding permissions.
To create a security role that grants the permissions to configure Web interface:
-
In Adaxes Administration console, right-click your Adaxes service, point to New and click Security Role.
-
Enter a name for the new security role and click Next.
-
On the Permissions step, click the down arrow embedded into the Add button and click Configure Web Interface.
-
Click Next and follow the steps in the wizard.
-
-
In the top left corner, select the Web interface you want to customize.
-
In the left navigation menu, click Access control.
-
In the User access section, specify users and security groups you want to allow or deny access for.
The Deny access for all users option can be useful if you have a Web interface that is used for self-service password reset only. If selected, no one will be allowed to sign in to the Web interface, and at the same time the password self-service feature will be available through it.
-
Save the changes.
The settings in a section can be applied to other Web interfaces. For this purpose, in the top right corner of the section, click the down arrow button and click Apply to other Web interfaces.
View screenshot { #collapse3}