User and Group Security

EnterWorks recommends that system security be managed at the user group level.

User groups are defined based on the responsibilities assigned to their users, such as Business Administrator, Product Manager, or Syndication Manager. These groups are designed around each organization’s specific business processes.

EnterWorks user groups control both which functions a user is allowed to perform, such as user management and data modeling, and what level of access a user has to objects within the EnterWorks database, such as code sets and attribute values.

A user can belong to more than one user group. The user then has the combined permissions of every user group they belong to. For example, if the user belongs to the Project Management user group and the Sales user group, they have all the permissions granted to the Project Management user group and the Sales user group.

Security can be set on data objects to allow a user group’s members to create, read, edit, or delete them. Repositories have additional permissions to allow a user to add, edit, import, and delete records. For more information, see Data Object Security Filters.
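The additive group model described above can be audited by computing each user's effective permissions and recording which group supplies each one. The following is an added example, not EnterWorks code or its API: the data model, the object names, the grants, and the function names are assumptions made for illustration; only the two group names and the permission verbs come from this page.

```python
# Added example: hypothetical model, not EnterWorks code or its API.
from collections import defaultdict

# Constructed sample data. Group names come from the page's example;
# the object names and the grants are invented for illustration.
GROUP_GRANTS = {
    "Project Management": {
        ("code set", "Color Codes"): {"read", "edit"},
        ("repository", "Products"): {"read", "add record", "edit record"},
    },
    "Sales": {
        ("code set", "Color Codes"): {"read"},
        ("repository", "Products"): {"read", "import records", "delete record"},
    },
}
USER_GROUPS = {
    "alice": ["Project Management", "Sales"],
    "bob": ["Sales"],
}


def effective_permissions(user):
    """Return {object: {permission: [groups granting it]}} for one user.

    Permissions are additive: the result is the union over every group
    the user belongs to, and no group can take a permission away.
    """
    result = defaultdict(lambda: defaultdict(list))
    for group in USER_GROUPS.get(user, []):
        for obj, perms in GROUP_GRANTS.get(group, {}).items():
            for perm in sorted(perms):
                result[obj][perm].append(group)
    return {obj: dict(perms) for obj, perms in result.items()}


def gained_by_membership(user, group):
    """Permissions the user holds only because of `group` (review aid)."""
    gained = {}
    for obj, perms in effective_permissions(user).items():
        only = sorted(p for p, src in perms.items() if src == [group])
        if only:
            gained[obj] = only
    return gained


if __name__ == "__main__":
    for user in USER_GROUPS:
        print(user)
        for obj, perms in effective_permissions(user).items():
            for perm, sources in sorted(perms.items()):
                print(f"  {obj[0]} {obj[1]!r}: {perm} <- {', '.join(sources)}")
```

`gained_by_membership` shows what removing one group membership would actually revoke, which is the question an access review needs answered when users sit in several groups.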

User Password Management

There are three methods used to manage user logins to EnterWorks:

  • Local User

  • LDAP/LDAPS and Active Directory

  • Single Sign-on

If local user authentication is used, an EnterWorks system administrator uses EnterWorks to manage user passwords. EnterWorks performs all user authentication.

Active Directory is a Microsoft application hosted on an Active Directory server. It manages user passwords and performs user authentication. The protocol used to communicate with the Active Directory server is either LDAP (Lightweight Directory Access Protocol) or LDAPS (Secure LDAP, also known as LDAP over SSL).

If single sign-on (SSO) is used, users access EnterWorks through a corporate login (i.e., on a corporate web page) and subsequently follow a link to the EnterWorks application. In this instance, the organization using EnterWorks is responsible for authenticating users.

The local user and LDAP (Active Directory) methods can coexist – some users can be defined as local while others are defined as using LDAP. If single sign-on is used, then all users must be authenticated from the corporate login and there cannot be any local or LDAP (Active Directory) users.