Access Rights - Presentation
Principle
Watchdoc is a product that processes sensitive or sometimes confidential information. It is therefore important to assign specific access rights to each administration profile.
Watchdoc has a configuration tool for managing access rights to its various administration interfaces. Depending on the rights assigned to each user, they will have access to a greater or lesser number of administration interfaces.
From version Watchdoc 6.0.0.4843 onwards, when servers are organised into Domains (master/slave configuration), a Global checkbox enables the rights defined for the master server to be replicated on the other servers that depend on it (slaves). This feature saves time and improves consistency during initial configuration.
When the rights of a role, a user group or a user are modified during use, all users affected by the modification are instantly disconnected. A message informs users that they are not authorised ("You are not authorised to access this section", for example).
Authentification modes
Watchdoc proposes two ways of accessing the administration interface:
-
access in maintenance mode: this access method is dedicated to the systems administrator with administrator rights for all Watchdoc functions. The password for this access mode is defined during product installation.
-
access in Windows® mode: this mode allows users to authenticate themselves from the Windows® account
-
authentication is either retrieved by the system using the
button; ; -
or is input by the user in the Username and Password fields:
→ Once authenticated, user have access to the administration interfaces for which they have been granted access rights.
Steps
Before configuring administrator rights in Watchdoc®, you must have first configured the user groups in the LDAP directory.
In order to configure administrator rights in Watchdoc®, you must:
-
allocate the Watchdoc Operators Special Rights to each user or group of users authorised to access the Watchdoc® administration interface;
-
allocate the Systems Administration rights to the users or group of users authorised to administrate all Watchdoc functions and allocate the Watchdoc Operators rights to this (these) group(s) of users. Users allocated the Systems Administration rights take on all roles appearing in the list of Administrator Roles, with the exception of the Document Preview role which, in order to be activated, must be allocated to a specific group of users;
-
for each Administrator Role appearing in the list, specify the users or groups of users to which it is allocated.
Examples
Rights management example in Watchdoc:
-
members of the LDAP Print Administrators group have all administrator rights in Watchdoc, including authorisation to preview documents printed by users;
-
members of the LDAP "Print Queue Manager" group are authorised to manage print queues and documents;
-
members of the LDAP "User (Print) Manager" group are authorised to manage users and their virtual wallets;
-
members of the LDAP "(Print) Price Manager" group are authorised to manage the print prices.
In order to obtain this result, the Watchdoc access rights must be configured as follows:
Special Operator Rights
Watchdoc Operators
- ADM_IMPR = "Print Administrators" group in the LDAP directory;
RESP_FILES_IMPR = "Print Queue Managers" group in the LDAP directory;
RESP_UTIL_IMPR = "(Print) User Managers" group in the LDAP directory;
RESP_TARIF_IMPR = "(Print) Price Managers" group.
Systeme administrators
- ADM_PRINT = = "Print Administrators" group in the LDAP directory.
Administrator roles
File management
- RESP_FILES_IMPR= "Print Queue Manager" group in the LDAP directory;
Virtual wallet management
- RESP_UTIL_IMPR = "(Print) User Manager" group in the LDAP directory;
Price management
- RESP_TARIFS_IMPR= "Print Price Manager" group in the LDAP directory;
Users management
- RESP_UTIL_IMPR = "(Print) User Manager" group in the LDAP directory;
Document preview
- ADM_IMPR = "Print Administrators" group in the LDAP directory.