Recommendations for the Access Layer

The Access Layer is responsible for user access to both the Web Application and Windows Client. It also controls if any administrative functions can be carried out by the logged in user and can limit what collected data can be viewed.

Accessing the product software requires user authentication with a user name and password. Once a user is logged in, their actions can be further restricted via access controls built into the administrative features.

There are three types of access layer security functions:

Authentication 

A user name and password is required for authentication to use the software. Providing a valid user name and password at login gives access to the Prognosis Server connected to the User Interface, as well as all other Prognosis Servers connected on the same port. Providing an invalid username and/or password gives no access.

Access Control

Access control is normally provided through either the Security dialog box of the Windows Client or the SECURITY Configuration.

The Security dialog box of the Windows Client allows for different levels of access to be assigned for each type of function, such as Databases and Thresholds, for all system users. It does not provide for security at an individual user level nor can it restrict access to command execution.

The SECURITY Configuration can be used through either the Web Application or Windows Client to control the permissions for each individual user to perform tasks on each server and to restrict access to command execution, such as performing tasks using IRCMD.

Role Based Security (Web Application only)

The Web Application includes a 'Role-Based 'Security mechanism. This is used to define a set of capabilities and privileges for Web Application users, such as the Home page that displays when the user logs in and what Navigation Trees they can see in the "View Systems' page. This feature does not affect the Windows Client.