Access Control

From jVantage

jVantage uses an account management approach where users and groups are defined outside of any particular application; they are free-standing entities that can be granted and/or denied access to zero or more applications, or aspects of those applications. This provides a more manageable and intuitive user experience since it inherently supports a single sign on behavior for all your jVantage applications.

Users and groups are defined from the Root Context page via the accounts or groups links, which appear near the top of the screen as shown in Illustration 14. As you might expect, groups are comprised of zero or more users. Access controls are then applied at the group level, meaning that the same access privileges apply to all members of the group.

Access privileges can only be assigned at the group level, meaning that there is no way to grant or deny privileges to a single user account. This is the most commonly employed approach for access control in enterprise systems because of the performance and resource costs that would be associated with user-level access control. In the unusual scenario where specialized access privileges must be defined for a single user, create a group with the desired access privileges and assign the user to that group.

Creating User Accounts

User accounts can be created in two ways. One is to create new user accounts from the Root Context page, the other is to allow users to sign up for accounts themselves. (#TODO)

Creating Users from the Root Context Page

To add a new user, select the accounts link from the Root Context view. This takes you to the user (principal) list. Select the Create new Principal option near the bottom of the screen. A new screen appears where you can enter the user account information. On the new user input form, required fields are indicated with a red asterisk. The login name is the ID that the user will use to login to jVantage.