FS
Documentation

Duty3G/User Guide/Duty3G Access

This page was last modified 05:40, 6 August 2007.

From Documentation

< Duty3G | User Guide(Difference between revisions)
Jump to: navigation, search
Revision as of 04:06, 19 June 2006
Daniels (Talk | contribs)

← Previous diff
Current revision
Moff (Talk | contribs)
( Getting Started)
Line 1: Line 1:
 +==[[Duty3G/User Guide | Getting Started]]==
 +
 +== Duty3G Access ==
 +
Detailed information on accessing COSmanager applications can be found in the section COSmanager Users and Access Controls of the COSmanager User Guide. The information in this chapter is a summary of the relevant details from that manual. Detailed information on accessing COSmanager applications can be found in the section COSmanager Users and Access Controls of the COSmanager User Guide. The information in this chapter is a summary of the relevant details from that manual.
To access COSmanager, a user must first have a UNIX account on the same host as COSmanager, or on a networked host. To actually run any COSmanager applications, users must have access rights to the required COSmanager menus and options. To access COSmanager, a user must first have a UNIX account on the same host as COSmanager, or on a networked host. To actually run any COSmanager applications, users must have access rights to the required COSmanager menus and options.
-== Roles ==+==== Roles ====
 + 
COSmanager access is controlled by assigning to selected users one or more roles. Roles equate to responsibilities shared by some staff. Each role translates to a set of capabilities that determine users’ access to menus and functions in individual COSmanager COSmanager access is controlled by assigning to selected users one or more roles. Roles equate to responsibilities shared by some staff. Each role translates to a set of capabilities that determine users’ access to menus and functions in individual COSmanager
applications. applications.
- +[[Image:Duty roles.png|frame|Figure 2 — Capabilities and roles]]
By grouping users with similar access requirements and responsibilities, you can avoid having to allocate capabilities to individual users and security is enhanced by granting access rights according to job function, rather than to transient individuals. By grouping users with similar access requirements and responsibilities, you can avoid having to allocate capabilities to individual users and security is enhanced by granting access rights according to job function, rather than to transient individuals.
-duty3G is supplied with a set of default roles such as those shown in the diagram below. These roles can be modified to more accurately reflect the needs of an installation.+Duty3G is supplied with a set of default roles such as those shown in the diagram below. These roles can be modified to more accurately reflect the needs of an installation.
- Figure 4 — Capabilities and roles+ 
 +<br>
 + 
 +==== Capabilities ====
-== Capabilities == 
COSmanager applications such as duty3G ‘interpret’ each one of a user’s roles, to determine what capabilities are granted to the user in that application. COSmanager applications such as duty3G ‘interpret’ each one of a user’s roles, to determine what capabilities are granted to the user in that application.
- Note By convention, role names use initial capitals (“Admin”) and capabilities do not (“dutysuper“).+ 
 +{{Note|By convention, role names use initial capitals (“Admin”) and capabilities do not (“dutysuper“).}}
The capabilities associated with roles in duty3G can be viewed and modified by users with top-level privileges only. Examples of capabilities used within duty3G are shown in the table below and the full set can be viewed under duty3G configuration > Maintain > Access roles. The capabilities associated with roles in duty3G can be viewed and modified by users with top-level privileges only. Examples of capabilities used within duty3G are shown in the table below and the full set can be viewed under duty3G configuration > Maintain > Access roles.
 +
 +{| border="0" cellpadding="0" cellspacing="5"
 +! width="90" align="left" | <u>Capability</u>
 +! align="left" | <u>Description</u>
 +|-
 +! align="left" | dutysuper
 +| Maintain all duties, including those requiring superuser access
 +|-
 +! align="left" | dutyadmin
 +| Maintain all duties, except those requiring superuser access
 +|-
 +! align="left" | runall
 +| Perform all duties
 +|-
 +! align="left" | runouts
 +| Perform outstanding duties
 +|-
 +! align="left" | runsched
 +| Perform scheduled duties
 +|-
 +|}
From this example, users without dutysuper or dutyadmin capability should not be able to maintain any duty or access duty3G configuration. From this example, users without dutysuper or dutyadmin capability should not be able to maintain any duty or access duty3G configuration.
-Steps to Obtaining Access to duty3G+<br>
 + 
 +==== Steps to Obtaining Access to duty3G ====
 + 
#Add user to COSmanager as either a user or a group. #Add user to COSmanager as either a user or a group.
#Assign appropriate COSmanager roles to the user, creating new role if required. #Assign appropriate COSmanager roles to the user, creating new role if required.
#Ensure capabilities assigned to role within duty3G are adequate by examining the ‘duty3G Access Capabilities/Roles’ table under duty3G configuration > Maintain > Access roles. Amend or add roles as required. #Ensure capabilities assigned to role within duty3G are adequate by examining the ‘duty3G Access Capabilities/Roles’ table under duty3G configuration > Maintain > Access roles. Amend or add roles as required.
-=== Capability Description === +<br>
-;dutysuper: Maintain all duties, including those requiring superuser access +==== Functions by Role ====
-;dutyadmin: Maintain all duties, except those requiring superuser access+ 
-;runall: Perform all duties+There are a number of standard roles supplied with COSmanager and inherited by duty3G. Following are what functions each standard role can perform. See [[Duty3G/User Guide/Appendix B — duty3G Menus by Role | Appendix B - Duty3G Menus by Role]].
-;runouts: Perform outstanding duties+ 
-;runsched: Perform scheduled duties+{| border="1" cellpadding="3" cellspacing="0"
 +|+'''Duty Console'''
 +! width="40" |
 +! width="115" | Admin
 +! width="115" | Auditor
 +! width="115" | Manager
 +! width="115" | Operator
 +! width="115" | SeniorOp
 +! width="115" | User
 +|-
 +! align="left" valign="top" rowspan="3" | File
 +| Remote
 +| Remote
 +| Remote
 +| Remote
 +| Remote
 +| Remote
 +|-
 +| Duty audit trail
 +| Duty audit trail
 +| Duty audit trail
 +|
 +| Duty audit trail
 +|
 +|-
 +| Duty compliance
 +| Duty compliance
 +| Duty compliance
 +|
 +| Duty compliance
 +|
 +|-
 +! align="left" valign="top" rowspan="5" | Duty
 +| Perform selected
 +| Perform selected
 +| Perform selected
 +| Perform selected
 +| Perform selected
 +| Perform selected
 +|-
 +| Perform outstanding
 +|
 +| Perform outstanding
 +| Perform outstanding
 +| Perform outstanding
 +|
 +|-
 +| Mark done
 +|
 +| Mark done
 +|
 +|
 +|
 +|-
 +| Add comment
 +| Add comment
 +| Add comment
 +| Add comment
 +| Add comment
 +| Add comment
 +|-
 +| Duty notes
 +| Duty notes
 +| Duty notes
 +| Duty notes
 +| Duty notes
 +| Duty notes
 +|-
 +! align="left" valign="top" rowspan="10" | View
 +| Outstanding
 +|
 +| Outstanding
 +| Outstanding
 +| Outstanding
 +|
 +|-
 +| At request
 +| At request
 +| At request
 +| At request
 +| At request
 +| At request
 +|-
 +| Scheduled
 +|
 +| Scheduled
 +|
 +| Scheduled
 +|
 +|-
 +| Automatic
 +|
 +| Automatic
 +|
 +|
 +|
 +|-
 +| Upcoming duties
 +|
 +| Upcoming duties
 +| Upcoming duties
 +| Upcoming duties
 +|
 +|-
 +| For all
 +| For all
 +| For all
 +| For all
 +| For all
 +| For all
 +|-
 +| For duty list
 +| For duty list
 +| For duty list
 +| For duty list
 +| For duty list
 +| For duty list
 +|-
 +| For host
 +| For host
 +| For host
 +| For host
 +| For host
 +| For host
 +|-
 +| For role
 +| For role
 +| For role
 +| For role
 +| For role
 +| For role
 +|-
 +| Options
 +| Options
 +| Options
 +| Options
 +| Options
 +| Options
 +|}
 + 
 + 
 +{| border="1" cellpadding="3" cellspacing="0"
 +|+'''Duty Configuration'''
 +! width="40" |
 +! width="115" | Admin
 +! width="115" | Auditor
 +! width="115" | Manager
 +! width="115" | Operator
 +! width="115" | SeniorOp
 +! width="115" | User
 +|-
 +! align="left" valign="top" rowspan="9" | Duty
 +| Add
 +|
 +| Add
 +|
 +|
 +|
 +|-
 +| Change
 +|
 +| Change
 +|
 +|
 +|
 +|-
 +| Clone
 +|
 +| Clone
 +|
 +|
 +|
 +|-
 +| Remove
 +|
 +| Remove
 +|
 +|
 +|
 +|-
 +| Reorder
 +|
 +| Reorder
 +|
 +|
 +|
 +|-
 +| Move to duty list
 +|
 +| Move to duty list
 +|
 +|
 +|
 +|-
 +| Duty notes
 +|
 +| Duty notes
 +|
 +|
 +|
 +|-
 +| Test
 +|
 +| Test
 +|
 +|
 +|
 +|-
 +|
 +|
 +| Unlock
 +|
 +|
 +|
 +|-
 +! align="left" valign="top" rowspan="8" | View
 +| At request
 +|
 +| At request
 +|
 +|
 +|
 +|-
 +| Scheduled
 +|
 +| Scheduled
 +|
 +|
 +|
 +|-
 +| Automatic
 +|
 +| Automatic
 +|
 +|
 +|
 +|-
 +| Upcoming duties
 +|
 +| Upcoming duties
 +|
 +|
 +|
 +|-
 +| For all
 +|
 +| For all
 +|
 +|
 +|
 +|-
 +| For duty list
 +|
 +| For duty list
 +|
 +|
 +|
 +|-
 +| For host
 +|
 +| For host
 +|
 +|
 +|
 +|-
 +| For role
 +|
 +| For role
 +|
 +|
 +|
 +|-
 +! align="left" valign="top" rowspan="5" | Tools
 +| Config report
 +|
 +| Config report
 +|
 +|
 +|
 +|-
 +| Classes
 +|
 +| Classes
 +|
 +|
 +|
 +|-
 +| Schedules
 +|
 +| Schedules
 +|
 +|
 +|
 +|-
 +|
 +|
 +| Access roles
 +|
 +|
 +|
 +|-
 +| Sync crontab
 +|
 +| Sync crontab
 +|
 +|
 +|
 +|}
 + 
 + 
 +{{Note| The '''Admin''' role cannot add, change or remove duties that have ''Run as user'' set to '''root''' or '''cosmos'''}}
 + 
 +<br>
 + 
 +==[[Duty3G/User Guide/Duty Management | Duty Management]]==
 + 
 +==[[Duty3G/User Guide/Adding and Maintaining Duties | Adding and Maintaining Duties]]==
 + 
 +==[[Duty3G/User Guide/Viewing and Performing Duties | Viewing and Performing Duties]]==
 + 
 +==[[Duty3G/User Guide/Appendix A — Installing duty3G | Appendix A - Installing duty3G]]==
 + 
 +==[[Duty3G/User Guide/Appendix B — duty3G Menus by Role | Appendix B - Duty3G Menus by Role]]==
 + 
 +==[[Duty3G/User Guide/Glossary|Glossary]]==
 + 
 +----

Current revision

Contents

Getting Started

Duty3G Access

Detailed information on accessing COSmanager applications can be found in the section COSmanager Users and Access Controls of the COSmanager User Guide. The information in this chapter is a summary of the relevant details from that manual.

To access COSmanager, a user must first have a UNIX account on the same host as COSmanager, or on a networked host. To actually run any COSmanager applications, users must have access rights to the required COSmanager menus and options.

Roles

COSmanager access is controlled by assigning to selected users one or more roles. Roles equate to responsibilities shared by some staff. Each role translates to a set of capabilities that determine users’ access to menus and functions in individual COSmanager applications.

Figure 2 — Capabilities and roles
Figure 2 — Capabilities and roles

By grouping users with similar access requirements and responsibilities, you can avoid having to allocate capabilities to individual users and security is enhanced by granting access rights according to job function, rather than to transient individuals.

Duty3G is supplied with a set of default roles such as those shown in the diagram below. These roles can be modified to more accurately reflect the needs of an installation.


Capabilities

COSmanager applications such as duty3G ‘interpret’ each one of a user’s roles, to determine what capabilities are granted to the user in that application.


Note
Note
By convention, role names use initial capitals (“Admin”) and capabilities do not (“dutysuper“).

The capabilities associated with roles in duty3G can be viewed and modified by users with top-level privileges only. Examples of capabilities used within duty3G are shown in the table below and the full set can be viewed under duty3G configuration > Maintain > Access roles.

Capability Description
dutysuper Maintain all duties, including those requiring superuser access
dutyadmin Maintain all duties, except those requiring superuser access
runall Perform all duties
runouts Perform outstanding duties
runsched Perform scheduled duties

From this example, users without dutysuper or dutyadmin capability should not be able to maintain any duty or access duty3G configuration.


Steps to Obtaining Access to duty3G

  1. Add user to COSmanager as either a user or a group.
  2. Assign appropriate COSmanager roles to the user, creating new role if required.
  3. Ensure capabilities assigned to role within duty3G are adequate by examining the ‘duty3G Access Capabilities/Roles’ table under duty3G configuration > Maintain > Access roles. Amend or add roles as required.


Functions by Role

There are a number of standard roles supplied with COSmanager and inherited by duty3G. Following are what functions each standard role can perform. See Appendix B - Duty3G Menus by Role.

Duty Console
Admin Auditor Manager Operator SeniorOp User
File Remote Remote Remote Remote Remote Remote
Duty audit trail Duty audit trail Duty audit trail Duty audit trail
Duty compliance Duty compliance Duty compliance Duty compliance
Duty Perform selected Perform selected Perform selected Perform selected Perform selected Perform selected
Perform outstanding Perform outstanding Perform outstanding Perform outstanding
Mark done Mark done
Add comment Add comment Add comment Add comment Add comment Add comment
Duty notes Duty notes Duty notes Duty notes Duty notes Duty notes
View Outstanding Outstanding Outstanding Outstanding
At request At request At request At request At request At request
Scheduled Scheduled Scheduled
Automatic Automatic
Upcoming duties Upcoming duties Upcoming duties Upcoming duties
For all For all For all For all For all For all
For duty list For duty list For duty list For duty list For duty list For duty list
For host For host For host For host For host For host
For role For role For role For role For role For role
Options Options Options Options Options Options


Duty Configuration
Admin Auditor Manager Operator SeniorOp User
Duty Add Add
Change Change
Clone Clone
Remove Remove
Reorder Reorder
Move to duty list Move to duty list
Duty notes Duty notes
Test Test
Unlock
View At request At request
Scheduled Scheduled
Automatic Automatic
Upcoming duties Upcoming duties
For all For all
For duty list For duty list
For host For host
For role For role
Tools Config report Config report
Classes Classes
Schedules Schedules
Access roles
Sync crontab Sync crontab


Note
Note
The Admin role cannot add, change or remove duties that have Run as user set to root or cosmos


Duty Management

Adding and Maintaining Duties

Viewing and Performing Duties

Appendix A - Installing duty3G

Appendix B - Duty3G Menus by Role

Glossary