Jump to: navigation, search

No Default Access for New Users

New users created in release 7.6 or later applications are, by default, not automatically assigned any default privileges—either access permissions or role privileges. In effect, the new users cannot log in to any interface or use a daemon application. Each new user must have the appropriate access privileges and roles assigned by either a system administrator or another existing user with appropriate access rights.

This feature is enabled by default, and applies only to new users created in release 7.6 or later. You can disable the feature if required.

Important
In this chapter, the term privileges is intended to mean both access permissions and role privileges.

Security Benefits

New users can be created in multiple ways—directly in a graphical user interface (GUI) or by using the Software Development Kit (SDK). This feature ensures that no user is assigned default privileges, regardless of how the user is created.

Supporting Components

This feature is configured in Genesys Administrator or Configuration Manager. It is not supported by Configuration Server 7.5 or earlier.

Genesys Desktop

Genesys Supervisor Desktop supports a complementary feature. For more information, see the Genesys Desktop 7.6 Deployment Guide.

Feature Description

New users created in release 7.6 or later are not automatically assigned any default privileges. In effect, the new users have no privileges and cannot log in to any interface or use a daemon application. Each new user must be explicitly assigned Roles and added to appropriate Access Groups by either a system administrator or by an existing user with access rights to modify the new user’s account.

By default, this new feature applies only to new users created in release 7.6 or later. If required, it can be disabled.

Compatibility with Previous Releases

New users created for release 7.5 or earlier Configuration Server Application objects imported into Configuration Server 7.6 or later are also subject to this feature unless the feature is manually disabled in each 7.5 or earlier Configuration Server Application object.

Feature Configuration

Important
To determine if this section refers to you, see Supporting Components above.

By default, this feature is enabled for all new users created in release 7.6 or later with the no-default-access configuration option in the [security] section. The Configuration Server application template contains this option set to its default value of zero (0 - No default access privileges). To disable this feature, set the option to one (1 - Default access privileges).

This feature is also enabled automatically for release 7.5 or earlier Configuration Server Application objects imported by Configuration Server release 7.6 or later. To maintain backward compatibility, you must manually add the no-default-access option in the [security] section to the options of each imported Configuration Server Application object, and disable the feature by setting the option to 1 (Default access privileges). This will ensure that new users created for those imported applications are assigned default permissions based on the rules present in the original release.

For a detailed description of this option, refer to the Framework Configuration Options Reference Manual.

To assign permissions to those new users who are subject to this feature, see Setting and Changing Permissions.

Feedback

Comment on this article:

blog comments powered by Disqus
This page was last modified on April 21, 2016, at 12:08.