Access Management or Security Tools in OmniDesign

Access Management or Security Tools

The Access Management or Security Tools module in OmniDesign is essential for handling access rights for users, their roles, and domains using the Security Editor. This module includes tools like User Manager, Security Editor, Access Viewer, Domain Manager, and Role Manager.

OmniDesign provides website administrators with extensive control over what users can see on the site by using:

• User accounts and roles for security
• Setting access rights for different items
• Following rules to resolve conflicts in access rights

Domain Manager

The Domain Manager is a tool for creating and managing domains. With the Domain Manager, you can:

• Create, edit, and delete domains.
• Decide if the domains should be global or managed locally.
• Access other security tools from within the Domain Manager.

A domain in OmniDesign is a collection of security accounts (users and roles) administered as a unit with common rules and procedures. Domains are used to group security accounts logically, such as all accounts that access OmniDesign clients or accounts with access to the published website. OmniDesign has three default domains:

1. Extranet: Manages website security, user accounts for website visitors, and read access roles for website content. Users in Extranet may also access OmniDesign if they belong to relevant roles like OmniDesign Client Authoring.
2. OmniDesign: An internal domain for OmniDesign clients, containing users with access to client tools and roles that determine available functionalities. Users in OmniDesign may edit website content if granted access rights and may access Extranet based on domain and login page setup.
3. Default: A virtual domain existing only in memory, typically set as Extranet, assigning most users to extranet\anonymous. If not specified, users default to default\anonymous.

All domains include an Anonymous user and an Everyone role, with Everyone encompassing all users and the Anonymous user in the domain. Users typically belong to roles within their domain but can also be in roles across domains, and roles can span multiple domains.

Domain Types:

• Global domains: Users can access all system domains based on configuration by the security architect.
• Locally managed domains: Users are limited to a specific domain and cannot access others. A local administrator maintains these domains, and users within a locally managed domain only see accounts within that domain.

User Manager

The User Manager allows you to create and manage users who can access your system. With the User Manager, you can:

• Create, edit, and delete users
• Change user passwords
• Enable and disable users
• Lock and unlock users
• Access other security tools
• Reset settings
• Role Manager, Domain Manager, Access Viewer, Security Editor

User Management Functions:

1. New: Create a new user by providing necessary details such as username, email, password, etc. Click the “New” button, fill in the required fields, and then click “Next.”
2. Edit User: Modify the details of an existing user, such as their username, email, associated roles, profile, and language settings. Click the “Edit” button to edit a selected user.
3. Delete: Permanently remove a user from the system.
4. Change Password: Update a user’s password. Provide the old password along with the new one. If the old password is unknown, generate a new one using the “Generate” button.
5. Reset Settings: Reset the user’s settings to their default values.
6. Disable: Temporarily disable a user’s account, preventing them from logging in until re-enabled.
7. Enable: Re-enable a previously disabled user account, allowing them to log in again.
8. Unlock: Unlock a user’s account if it has been locked due to multiple failed login attempts.
9. Lock: Lock a user’s account, preventing further login attempts for security reasons or during investigations.
10. Role Manager: Manage roles, which define the permissions and access levels granted to users.
11. Domain Manager: Manage domains, which are logical groupings of users and roles with shared access rights.
12. Access Viewer: View access rights for users and roles.
13. Security Editor: Edit security settings and permissions.

Role Manager

The Role Manager allows you to create and manage roles assigned to your security accounts (users and roles). With the Role Manager, you can:

• Create and delete roles.
• Add or remove users and roles as members of a role.
• Access other security tools.

In OmniDesign, roles serve as the master architects, outlining permission blueprints. They determine access, ensuring your website content remains structured and protected. Instead of individually managing each person, roles group users according to their responsibilities. Editors, admins, marketers—all receive access tailored to their responsibilities.

Key OmniDesign Roles:

1. OmniDesign\Author: Allows users to create and edit content items.
2. OmniDesign\Designer: Grants access to design features within the OmniDesign Client.
3. OmniDesign\Developer: Provides access to development tools and features.
4. OmniDesign\Forms Data Administrator: Manages data for OmniDesign Forms.
5. OmniDesign\Forms Editor: Edits and manages OmniDesign Forms.
6. OmniDesign\Forms Publisher: Grants publishing permissions for OmniDesign Forms.
7. OmniDesign\JSS Import Service Users: Used by the OmniDesign JavaScript Services (JSS) to import data.
8. OmniDesign\PowerShell Extensions Remoting: Provides remote access for PowerShell Extensions.
9. OmniDesign Client Roles: Include Account Managing, Advanced Publishing, Authoring, Bucket Management, Configuring, Designing, Developing, Maintaining, Publishing, Securing, Translating, Users, Limited Content Editor, Limited Page Editor, Local Administrators, Minimal Page Editor.

Role Management Functions:

1. New: Create a new role within OmniDesign.
2. Delete: Remove an existing role from the system.
3. Member: Add users to a role, assigning them the permissions and access rights associated with that role.
4. Member of: Show the roles to which a particular user belongs.
5. Domains: Specify the domain or scope within which the role operates.
6. Users: List users who are members of the selected role.
7. Access Viewer: View the access rights and permissions associated with a particular role.
8. Security Editor: Fine-tune security settings and permissions associated with a role.

Access Viewer

The Access Viewer allows you to review the access rights assigned to your security accounts. In the Access Viewer, you can:

• Review the access rights assigned to security accounts for each item in the content tree.
• Understand how the current settings have been resolved.
• Access the Security Editor and the User Manager for further management.

Access Viewer Functions:

1. Account: Select a specific user account or role to view their access rights.
2. Role and Users: Toggle between viewing access rights for roles and individual users.
3. Assign: Assign specific access rights to the selected user account or role.
4. Columns: Customize the display of access rights columns.
5. Security Editor: Access the Security Editor directly from the Access Viewer.
6. User Manager: Access the User Manager directly from the Access Viewer.

Security Editor

The Security Editor allows you to set the access rights for roles and users on items in the content tree. In the Security Editor, you can:

• Assign access rights to your security accounts.
• Protect and unprotect items.
• Access the Access Viewer and the User Manager for further management.

Security Editor Functions:

1. Account: Manage user accounts, viewing and modifying user-specific security settings.
2. Role and Users: Manage both roles and individual users, granting or revoking access rights as needed.
3. Assign: Assign specific access rights to roles or users for selected items in the content tree.
4. Columns: Customize the columns displayed in the Security Editor.
5. Protect Item: Mark certain items as protected, restricting modifications or access by unauthorized users.
6. Presets: Apply predefined sets of security settings or permissions.
7. Access Viewer: Quickly access the Access Viewer tool.
8. User Manager: Access the User Manager tool directly from the Security Editor interface.