Advanced security
Advanced security is an extension of basic security. Basic security enables system security administrators to issue user certificates. These certificates authenticate the recipients as authorized system users. These users can access an organization's system and prevent others from doing so.
A system with advanced security installed also has basic security.
A system that has only basic security or no security can be upgraded to advanced security.
Advanced security and basic security both use Secure Sockets Layer (SSL) to implement a secure connection for system configuration. The data connection of a running system engine remains unsecured.
Advanced security, which requires a security server, gives complete and detailed control over access to the message brokering system. With advanced security, you can set user-specific permissions. These define not only which system resources each user can access, but also the operations each user can perform on each resource.
You can also create roles to which multiple users can belong, and set role-level permissions that apply to all role members. Users can belong to any number of roles. Roles can also belong to other roles, and thus share their permission settings.
Nodes at the lowest level, such as the nodes for individual GUIs, are contained in higher-level nodes, such as the nodes for sites and roots.
The access control list (ACL) entry for a user or a role lists the permission settings for that user or that role.
An ACL can be created at any level of the node hierarchy, and it automatically applies to all the descendants of that node.
If different permissions are set for a descendant node, then those settings override the inherited settings. This applies to that node and all its descendants.
This combination of user/role options and hierarchical node permissions enables you to create a security structure that is as flexible and complex as you require. You can create an ACL that covers broad parts of the whole structure, yet fine-tune access to individual system resources. You can make any changes that are required.
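The following sketch is an added illustration, not code from the product, of how nested roles and inherited ACLs can combine into a user's effective permissions. The node paths, role names, and operation names are constructed, and two behaviors are assumptions the text above does not specify: the nearest entry for a given user or role overrides inherited ones, and a user's own entry is combined with the entries of all of that user's roles.

```python
# Added illustration; the data model and all names are hypothetical.

# role -> direct members (users or other roles). Constructed sample data.
ROLE_MEMBERS = {
    "operators": {"alice", "site_admins"},  # a role can belong to another role
    "site_admins": {"bob"},
}

# node path -> {user or role: permitted operations}. Constructed sample data.
ACLS = {
    "root": {"operators": {"view"}},
    "root/site1": {"site_admins": {"view", "start", "stop"}},
    "root/site1/gui_a": {"operators": {"view", "edit"}},  # widens the inherited entry
    "root/site2": {"operators": set()},                   # narrows the inherited entry
}


def principals_of(user):
    """Return the user plus every role reached by direct or nested membership."""
    found, stack = {user}, [user]
    while stack:
        member = stack.pop()
        for role, members in ROLE_MEMBERS.items():
            if member in members and role not in found:  # 'found' also stops cycles
                found.add(role)
                stack.append(role)
    return found


def entry_for(principal, node):
    """Nearest ACL entry for the principal, walking from the node up to the root."""
    parts = node.split("/")
    while parts:
        acl = ACLS.get("/".join(parts), {})
        if principal in acl:
            return acl[principal]  # assumption: nearest entry overrides ancestors
        parts.pop()
    return set()                   # no entry anywhere on the path


def effective_permissions(user, node):
    """Assumption: union of the nearest entries of the user and all of its roles."""
    ops = set()
    for principal in principals_of(user):
        ops |= entry_for(principal, node)
    return ops


if __name__ == "__main__":
    for user, node in [("alice", "root/site1/gui_a/panel"), ("bob", "root/site2/gui_b")]:
        print(user, node, sorted(effective_permissions(user, node)))
```

Running a resolver like this over an exported role and ACL configuration is a practical way to review which users end up with which operations on each node before granting access.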
The effectiveness of the system security depends on the security of the underlying operating system.
Any user with command line access to the host server must also have a unique log-in to the computer system where the host server runs. If users can share operating system level log-ins, then they can impersonate each other and subvert system security.
Users with access to a remote client can use the shell window to gain access to files on the computer system running the host server.
Safeguarding computer systems from these hazards and others is the responsibility of the individual organization.
"administrator" role
In the CLWizard integrated with Infor Ming.le, a Cloverleaf "administrator" role is created after upgrading to advanced mode on the security server.
The CLWizard integrated with Infor Ming.le requires the "Infor IFS System" role to map to the Cloverleaf administrator role when the application starts.
Licenses
In addition to the licenses for the engines’ host servers, a separate license is required to set up advanced security on each host server. Another license is required for the security server.