Distributing Privileges

To distribute privileges between system users, use the Privileges section on the navigation panel.

NOTE. When roles of information security administrator and application administrator are separated, the Privileges section is available only for information security administrator.

There is a list of default privilege holders next to each privilege. The owner of the ADMIN schema is included in the Administrators built-in group and inherits a set of privileges of this group.

The privilege enables the users to log in to the system.

This privilege is granted by default to the Administrators and the Users built-in groups.

When roles of information security administrator and application administrator are separated, this privilege will e granted to the Administrators and the Users built-in groups, and the <schema name>_ISA information security administrator.

The privilege enables the users to execute the following operations:

In the Users section:

Change users properties.
Change user password.
Edit service user.
Work with personal user folders.
Export users list in the *.csv format.
View connected users.

In the Groups section:

Create a group of users.
Change properties of a group of users.

In the Privileges section:

Add and remove privilege holders.

In the Policies Editor section:

Set up general policy.
Set up password policy.
Select access control methods and set up access control.
Set up workstation and printer access.

In the Object Classes section:

Select auditing and history operations.

This privilege is given by default to the Administrators built-in group.

When roles of information security administrator and application administrator are separated, this privilege will be granted only to the <schema name>_ISA information security administrator.

The privilege enables the users to execute the following operations in the Navigator:

Change object access control parameters.
View access permissions as icons.
Separate access permissions for MDM dictionary elements.

This privilege is given by default to the Administrators built-in group.

When roles of information security administrator and application administrator are separated, this privilege will be granted only to the <schema name>_ISA information security administrator.

The privilege enables the users to execute the following operations:

Create relational objects at DMS level.
View and open all objects in the navigator.

This privilege is given by default to the Administrators built-in group.

When roles of information security administrator and application administrator are separated, this privilege will be granted only to the Administrators built-in group.

The privilege enables the users to clear access protocol in the Access Protocol section.

This privilege is given by default to the Administrators built-in group.

When roles of information security administrator and application administrator are separated, this privilege will be granted only to the <schema name>_ISA information security administrator.

The privilege enables the users to view access protocol in the Access Protocol section.

This privilege is granted by default to the Administrators and the Users built-in groups.

The privilege enables the users to execute the following operations in the Users section:

Create and delete users.
Add and delete domain users.
Add and delete domain groups of users if the user has the Changing User Permissions, Distributing Roles, Changing Policy permission.
Edit service user
Change user's common properties.
Change user password
Work with personal user folders
Export users list in the *.csv format
View connected users.

This privilege is given by default to the Administrators built-in group.

When roles of information security administrator and application administrator are separated, this privilege will be granted only to the owner of the ADMIN schema.

The privilege enables the users to disconnect other users connected to a repository in the Users section.

This privilege is given by default to the owner of the ADMIN schema.

When roles of information security administrator and application administrator are separated, this privilege will be granted only to the <schema name>_ISA information security administrator.

The privilege enables the users to execute the following operations:

In the Users section:

Update user permissions.

In the Groups section:

Update permissions of a group of users.

This privilege is given by default to the Administrators built-in group.

When roles of information security administrator and application administrator are separated, this privilege will be granted only to the Administrators built-in group.

The privilege enables the users to open the object navigator.

NOTE. The user who does not have this privilege can open repository objects, for which he has access permissions, using a link to the specified object or on the web application start page.

This privilege is granted by default to the Administrators and the Users built-in groups.

When roles of information security administrator and application administrator are separated, this privilege will be granted only to the Administrators built-in groups.

The privilege enables the users to execute the following operations:

Create an update in the update manager.
Install update in the update manager.
Copy calculation algorithms in the object navigator.
Copy elements located in the working area, in the calculation algorithms.

This privilege is given by default to the Administrators built-in group.

When roles of information security administrator and application administrator are separated, this privilege will be granted only to the application administrator.

To delete the selected privilege holders, click the Delete button in the Privilege Holders dialog box in the desktop application and on the Privilege Holders side panel in the web application.

NOTE. If a domain user/group is selected as the privilege holder, which is not created in Foresight Analytics Platform, the process of creating a domain user/domain group will be started.

In the web application click the Save button on the toolbar or on the side panel.

In the desktop application execute one of the operations:

Select the Repository > Apply Security Policy main menu item.
Click the Apply Security Policy button on the toolbar.

NOTE. If section parameters have been changed, an attempt to go to another section of the security manager or to close it displays a request to apply changed settings.