Digipass Plug-In for SBR Administrator Reference - Vasco

More documents

Recommendations

Info

Digipass Plug-In for SBR Administrator Reference ODBC Database If through either kind of name resolution, no Domain is identified, the applicable Policy is checked for a Default Domain. The Default Domain is used if it is specified in the Policy. Otherwise, the Master Domain is used as a default. 3.5.2 Organizational Units Within a Domain, Organizational Units can be used to group Digipass User Accounts and Digipass. They are primarily used in Digipass Plug-In for SBR to allocate unassigned Digipass to groups of users such as offices or departments. In other VASCO products, they can also be used to provide delegated administration by user group. Organizational Units can be created as a hierarchy, in a similar way to Active Directory/LDAP. It is not permitted to create a circular chain in the hierarchy. Organizational Units are not used as a naming scope in the same way as Domains. It is permitted to move Digipass User Accounts and Digipass between Organizational Units whenever required. However, a Digipass that is assigned to a Digipass User Account must belong to the same Organizational Unit, as well as the same Domain. Upon assignment, or upon moving the Digipass User Account, the Digipass is moved automatically. It is not permitted to move an assigned Digipass – instead, you must move the Digipass User Account, which may have other Digipass assigned also. Organizational Units have no effect on the authentication process, with the exception of Auto- and Self-Assignment – the Digipass to be assigned must be in the same Organizational Unit as the Digipass User Account. However, if you enable the 'Search up Organizational Unit Hierarchy' Policy setting, the Digipass may be located higher up the Organizational Unit structure, provided it is still in the same Domain. © 2006 VASCO Data Security Inc. 50
Digipass Plug-In for SBR Administrator Reference ODBC Database 3.6 Database User Accounts It is important to consider which database user accounts will be utilized when installing, running and administering Digipass Plug-In for SBR. There are a few main roles that need to be considered: Schema creator. A database user account is needed to create the tables used by Digipass Plug-In for SBR. Typically this would be either a fully privileged DBA account, or the account that will own the schema. Schema owner. This may be the same as the schema creator. If not, the schema creator can transfer ownership of the new tables after they have been created. SBR Plug-In account. This may be the same as the schema creator or owner, but as it does not need extensive permissions on the tables, you may prefer to use an account with less privileges. Administrator account. Administrators may be allowed to log directly into the database in order to administer data. If so, the Adminstration MMC Interface will require a database user account with sufficient permissions to modify the data as required. It is not necessary to create a separate account, but you may prefer to do so, in order to control the permissions strictly. You may even create multiple administrator accounts with different permissions. A few elements need to be taken into account when setting up these various database user accounts. 3.6.1 Permissions on the Tables The following permissions are required by the SBR Plug-In and administrator accounts: Table 22: Table Permissions Required Table SBR Plug-In Administrator vdsControl SELECT, INSERT*, UPDATE* SELECT vdsUser SELECT, INSERT**, UPDATE SELECT, INSERT, UPDATE, DELETE*** vdsUserAttr SELECT SELECT, INSERT, UPDATE, DELETE*** vdsDigipass SELECT, UPDATE SELECT, INSERT, UPDATE, DELETE*** vdsDPApplication SELECT, UPDATE SELECT, INSERT, UPDATE, DELETE*** vdsPolicy SELECT SELECT, INSERT, UPDATE, DELETE*** vdsComponent SELECT SELECT, INSERT, UPDATE, DELETE*** vdsBackEnd SELECT SELECT, INSERT, UPDATE, DELETE*** vdsDomain SELECT SELECT, INSERT, UPDATE, DELETE*** vdsOrgUnit SELECT SELECT, INSERT, UPDATE, DELETE*** * The SBR Plug-In does not need INSERT and UPDATE permission on the vdsControl table itself. However, when the SBR Plug-In Configuration GUI is used to Configure Advanced Settings, the same database user account is used as the SBR Plug-In, and at this time the INSERT and UPDATE permissions are needed. ** INSERT permission is only required when Dynamic User Registration is used. *** In general, SELECT permission is required on all tables, but you can restrict any of INSERT, UPDATE and DELETE permissions according to the restrictions you need to impose upon your administrators. © 2006 VASCO Data Security Inc. 51
Page 1 and 2: Modify these field values (right-cl
Page 3 and 4: Digipass Plug-In for SBR Administra
Page 49: Digipass Plug-In for SBR Administra
Page 101 and 102:
Digipass Plug-In for SBR Administra
Page 103 and 104:
Page 105 and 106:
Page 107 and 108:
Page 109 and 110:
Page 111 and 112:
Page 113 and 114:
Page 115 and 116:
Page 117 and 118:
Page 119 and 120:
Page 121 and 122:
Page 123 and 124:
Page 125 and 126:
Page 127 and 128:
Page 129 and 130:
Page 131 and 132:
Page 133 and 134:
Page 135 and 136:
Page 137 and 138:
Page 139 and 140:
Page 141 and 142:
Page 143 and 144:
Page 145 and 146:
Page 147 and 148:
Page 149 and 150:
Page 151 and 152:
Page 153 and 154:
Page 155 and 156:
Page 157 and 158:
Page 159 and 160:
Page 161 and 162:
Page 163 and 164:
Page 165 and 166:
Page 167 and 168:
Page 169 and 170:
Page 171 and 172:
Page 173 and 174:
Page 175 and 176:
Page 177 and 178:
Page 179 and 180:
Page 181 and 182:
Page 183 and 184:
Page 185:
show all

Digipass Plug-In for SBR Administrator Reference - Vasco

Create successful ePaper yourself

Delete template?

Save as template?