JAMS Security Features Explained

Follow

JAMS can Integrate with Active Directory users and groups, or LDAP provider.

JAMS security can be best described by a series of layers. Each layer of security can be described as a “Door in a hallway” where users cannot access the next door, without having permissions to the one before it. The first step is creating the Active Directory (AD) group then assigning users and the appropriate user access within the group.

Level 1 - Configure Access Control List (ACL)

The top to level 1 can be considered the "Server" Property. This allows authentication to the JAMS Server from all JAMS Clients, for example; Desktop Client, Web Client, RESTful API, PowerShell, and node.JS.

ServerACL.png

The areas listed within this Access Control (ACL) drop down menu allow users to configure access to those pieces of JAMS as a whole.

The Job Definitions area will allow users to define the User and the Groups. The User and the Groups will have the ability to perform the following actions:

  • Add Jobs
  • Modify Jobs
  • Delete Jobs
  • Review Jobs Properties
    • The ability to Create, Delete, and Modify by Unauthorized Users will be blocked as those functions will be disabled.

Job_Definitions_ACL.png

These permissions are set for ALL Jobs, regardless of the Folder Definition to which they belong.

By default, each of these areas has an entry for the following:

  • BUILTIN\Administrators
  • NTAuthority\Authorized Users

Configuring (ACL) Tips

  • ACL Identifiers can be identical as well as being inherited.
    • A unique name will be required for the identical ACL Identifier.
  • Access to the Jobs in each Folder or the individual Jobs is set within the Folders or Jobs as described above.

Level 2 - Configure Folders

The Folders control the access to the "containers" holding the jobs.

  • Access Control Entries (ACE) set on a Folder are inherited by the objects within container.
  • ACE Job Permissions, similarly to ACL Identifiers can be identical as well as being inherited.
    • A unique name will be required for the identical ACE Job Permission.
    • The ability to Create, Delete, and Modify by Unauthorized Users will be blocked as those functions will be disabled.

Folders_ACL.png

 

Level 2a- Configure Job Permissions (optional)

Within the Job Properties window, the Security tab can be accessed.

  • The Job Permissions work similar to the Folder Definition Properties.
  • The exception is the ACL at the individual job level will control only access to that specific job.

Job_Level_Security.png

 


 

Related Information

 

Have more questions? Submit a request

Comments