Terminology |
- Accepted users
- Partition manager
|
- Authorized users
- Partition administrator (up to 5.6). Beginning in 5.7 GA, privileges that used
to be exclusive to administrators can now be granted individually, making the
concept of partition administrator obsolete.
|
Security configuration |
Security task: Allows you to configure users, user groups,
and partitions in three separate tabs. |
User management task: Allows you to configure users, user
groups, and partitions within a single entity hierarchy. |
Partition configuration |
- Can only be created in the Partitions tab of the
Security task in Config
Tool.
- Partitions are always shown in the Partitions tab of
the Security task in Config
Tool.
- The content of a partition can only be modified in the partition’s
Properties tab.
|
- Can be created from any administration task where an entity hierarchy is
shown.
- Users can choose to show or hide partitions in any administration tasks by
clicking Show partitions (
) in the Search box.
Partitions are completely hidden if no user-created partitions exist.
- The content of partitions can be modified directly in any entity tree by
dragging-and-dropping the entities into the partitions you want them to be a
member of.
|
Partition access rights configuration |
- Users’ access rights for partitions are configured in the Accepted
users tab of each partition entity.
- Access rights are implicitly inherited from parent user groups. User group
members have access to the partition even though they are not shown in the
Accepted users tab.
- Access rights granted for a parent partition are also granted for the child
partitions.
|
- Users’ access rights for partitions are configured in the Access
rights tab of each individual user and user group entity.
- Access rights are explicitly inherited from parent user groups and are clearly
indicated in the user’s Access rights tab.
- Access rights granted for a parent partition are granted by default for the
child partitions, but can be denied on a case by case basis.
|
Partition membership configuration |
- An entity cannot belong to more than three partitions.
- There are no rules governing the partition memberships of related entities.
Each entity’s membership to a partition must be configured individually. For
example, adding a cardholder group to a partition does not automatically add the
group members to that partition.
|
- There is no limit to the number of partitions an entity can belong to.
- The system automatically applies a set of rules concerning the partition
memberships of related entities, based on the most common practices. For
example, adding a cardholder group to a partition automatically adds the group
members to that partition. The administrator can always change the automatically
applied memberships on a case by case basis.
|
Public partition |
- All users can see the entities in the Public partition in entity lists,
even non accepted users.
- Only accepted users with
administrative privileges can view the properties of the entities in the
Public partition.
- The Public partition cannot be renamed nor deleted.
|
- The Public partition no longer exists.
- When partitions are not required, the root partition (named after your
main server) contains everything you create and is accessible to all
users by default.
- When you upgrade a system with multiple partitions to 5.7, the Public partition is migrated, but the
features of the Public partition in 5.7 are different.
- Users who were not accepted users of the Public partition in 5.0,
5.1, or 5.2 will have no access to the Public partition in 5.7.
- You can rename, modify and
delete the Public partition in 5.7.
|
System partition |
- The System partition is a hidden partition with the unique
characteristic that only administrators can access its content.
- Entities that do not belong to a user-created partition implicitly belong to
the System partition.
|
- The System partition is used to hold all entities that must be
accessible to all users at all times. For example, the Always schedule,
the Health Monitor role, and the Media Router role, all belong to
the System partition.
- The System partition is exclusively managed by the system. Not even
administrators can change it.
- Entities that do not belong to a user-created partition automatically belong
to the root partition.
|