To use the IG Server, users must have:
Active Directory (AD) is a directory service created by Microsoft that provides, amongst other things, authentication and authorization mechanisms. It is an LDAP compliant database that contains objects, including users and groups, which can be organised into logical and business needs. Within the context of your IGS, you can use these groupings when assigning user roles. (AD) username in your IG Server deploymentWhen AD authentication is successful, the IG Server determines the user's role based on the configured list of users and groups as set up on the IG Server.
Roles
An IG Server user can have one of three roles:
The role of a particular user determines which parts of the user interface the user can access, and which tasks they can carry out. There can be more than one user in each role. By default, everyone is a Document Owner but you can choose to assign a user to one of the other two roles, which subsume the Document Owner permissions.
You must have at least one Compliance Officer set up. Other roles are optional, and depend on whether a Compliance Officer wants to delegate responsibility for tasks.
Show me the roles and what they can do:
| Role | Number allowed | Description |
|---|---|---|
| Compliance Officer | 1 or more |
The individual(s) responsible for ensuring employees of the organization do not contravene any statutes or regulations regarding the distribution of confidential information. They are responsible for investigating any policy breaches reported by the IG Server, and they have access to all registered data and areas of the user interface. |
| Administrator | 0 or more | The individual(s) responsible for maintaining the health of the IG Server. |
| Document Owner | No limit | A user that can register items and manage collections of documents. By default, every user is a Document Owner if they haven't been assigned to another role. |
| Any user, regardless of role, has the ability to register their own confidential documents. |
Users with the roles specified below are able to access the following areas of the Admin UI:
| Compliance Officer | Administrator | Document Owner | |
|---|---|---|---|
| Registry |
|
|
|
| Users |
|
|
|
| System |
|
|
|
| Tools |
|
|
|
| Reports |
|
|
|
Users with the roles specified below are able to register the following:
| Compliance Officer | Administrator | Document Owner | |
|---|---|---|---|
| Registered Items |
|
|
|
| Whitelist Items |
|
|
|
| Common Whitelist Items |
|
|
|
Users with the roles specified below are able to view the collections and item matches for registered items:
| Compliance Officer | Administrator | Document Owner | |
|---|---|---|---|
| Owned by them |
|
|
|
| Owned by other users |
|
|
|
Groups
You can add multiple users to the
|
|
If a user within a group has an individual IG Server user account, the privileges of the individual account take precedence.
See a list of users and groups?
From the toolbar, click Users and select the User access tab.
The list of users and groups with associated role is displayed.
|
Individual users can be identified by Groups can be identified by |
Add a user or group?
From the toolbar, click Users and select the User access tab.
The list of users and groups with associated role is displayed.
Click 
.
The Add user or group dialog is displayed, and lists groups and individual users as configured in Active Directory.
Click the user or group you want to add, and select the role from the Role drop down.
|
Use the search field to quickly find specific users or groups. |
Click OK.
Delete a user or group?
From the toolbar, click Users and select the User access tab.
The list of users and groups with associated role is displayed.
Click 
against the user or role you want to delete.
Click OK in the confirmation box.
Change the role of a user or group?
From the toolbar, click Users and select the User access tab.
The list of users and groups with associated role is displayed.
In the Role column for the user or group you want to change, click 
and select the role from the drop down list.
Click 
to confirm your selection.
|
|
Restrict the users who can log in?
By default, the IG Server searches the entire Global Catalog of your Active Directory server for users and groups. If the directory server also has trust relationships with other servers in the domain forest, the IG Server will also search the Global Catalog of those trusted directory servers. This can increase the time it takes for a user to log in to the IG Server Administration Interface.
To restrict the scope of the Directory Server search:
- Use an Active Directory editor application (such as ADSI Edit) to open the Directory Server Global Catalog.
- Find the node within which you want to restrict the IG Server search.
Copy the value of the distinguishedName attribute of the node. For example, the Sales department in my-company.com:
OU=Sales,CN=Users,DC=my-company,DC=com- In IG Server, navigate to System > Network > Directory Server. Paste the distinguishedName attribute into the Search distinguished name (DN) field of your Directory Server settings.
© 1995–2019 Clearswift Ltd.
