Initial Setup of Role Based Security

When performing a new installation or if upgrading from an earlier version, the following information should be noted to ensure that adequate security is maintained over the system.

New Installation

A new installation includes only one pre-defined role, the 'Public' role. The 'Public' role is initially set up with Administration permissions granted. On installation, all users/groups are assigned to the 'Public' role by default and therefore have Administration access.

In order to secure the system, it is advisable to carry out the following steps as soon as possible:

1. Create a new role with Administration permissions, e.g. 'Administrator'.

2. Add any users/groups to this role who should have Administration access.

3. Log out from the Web Application and then log back on to apply the new role changes for the current user.

4. Remove the Administration permissions from the 'Public' role (by selecting 'View Systems' or 'No Access').

For details of how to carry out these steps, please refer to Adding a Security Role.

Upgrading From a Version Earlier Than 10.4

When upgrading from a version earlier than 10.4, security may have been configured in the Settings.xml file in the <Prognosis_Home>/WebUI/IIS folder. The upgrade procedure will translate these previous settings into the corresponding 'permissions' in the latest version.

At this stage, no further changes should be required. However, it is suggested that the System Administrator verifies that the permissions are set correctly for each existing role. There will be some exceptions that are treated in the following way:

  • If no Administration roles are found in the Settings.xml file, or if there are Administration roles but there are no users assigned to any of these roles, then the 'Public' role will be given full Administration access in order to avoid lock-out.

  • Roles with Administration permission but without View permission are no longer supported. Therefore, if a role is found to have Administration permissions but no View access, then both View Only and Administration permissions will be granted.
