Security process

The Security Groups application uses a two-step security process that consists of authentication and authorization.

Authentication is the process of validating the identity of a user. There are different authentication methods that share a common trait: authentication is always provided by a user ID and password. After a user is authenticated, authorization lets that user access various resources based on identity.

Authorization determines which modules and applications a user can access, which actions a user can perform, and which data a user can view, change, and delete. Authorization is provided by membership in one or more security groups.

Authentication of users
In the Security Groups application, you can set up authentication to validate the identity of a user. Authentication is the process of validating the identity of a user through a user ID and a password.
Authorizations for security groups
A security group grants access to members of the group to start centers, applications, Work Centers, and object structures. The access options can be read, insert, save, and delete. You can use conditions to hide fields, tabs, and menus from group members, and you can set data restrictions on objects and attributes.
Security profiles
A security profile is the list of rights a user derives from the security groups to which the user belongs. The user rights define the ability of a user to access asset management system applications and to perform specific application functions. You can view a user security profile list in the Security Profile tab in the Users application.
Security profile of an organization with two security groups - example
A security profile lists the access that a user has after all the security groups are combined. This example shows an approach to building a security profile for one organization with two security groups.
Login tracking
You use login tracking to specify the number of allowed login attempts. You can track the number of login attempts and view the current login status for a user. You can also block further attempted logins by a user who exceeds the specified number.
Encryption and security
The data types Crypto, and CryptoX are used to encrypt passwords and other types of confidential information. The Java™ Cryptography Extension (JCE) is used to perform encryption.
Prevention of intrusion and malicious attacks
Malicious users can attempt to breach security by attacking the login, forgotten password, and self-registration processes, for example to initiate denial-of-service attacks. Hackers can also target browser and HTTP vulnerabilities to initiate cross site request forgeries (CSRF) attacks.

Parent topic: Security Groups overview