Designer and Gateway Protection

Dharani_T · November 7, 2022, 11:21am

Hi,

I would like to protect the project with below constraints (whereas I have two usersources : default, AD)

I have given the below setting, still not worked as expected,

pturmel · November 7, 2022, 1:04pm

This is incomprehensibly vague. Please elaborate what you mean by "not worked". Errors? Total login rejection? Users work that shouldn't? Users don't work that should?

Dharani_T · November 7, 2022, 2:54pm

Sorry for not providing an elaborated requirement.
If the user has "Developer" but not an administrator, still designer login or gateway login is not working. But in the required constraints, if user has any of the mentioned roles, the allotted activity should happen.

Dharani_T · November 8, 2022, 7:25am

Anybody have ideas on this?

Transistor · November 8, 2022, 8:24am

I think you need to

Set up your AD user source with "Soft Failover" to the "Default" user source.
In your AD user source create the Administrator role with spelling and capitalisation exactly the same as the role in the default user source.
Use AD for all logins, if possible.

If you have users such as contractors who do not have AD logins then create an account for them in the Default user source and give them the required roles. Again the roles should match those in the AD user source. The Administrator account can be used to log in using the Default user source if the AD user source fails for some reason.

Dharani_T · November 8, 2022, 8:44am

I have done all the mentioned configurations.
But I need to restrict gateway and designer login (Only Users with Admin or Developer role should login)

JordanCClark · November 8, 2022, 11:28am

What are your settings in Config/Security/General of the gateway?
Example: Mine is set up so that only Administrators can get the can get to the gateway settings, but anyone can get to the home page. It does not prevent people from logging in to the gateway, it just keeps unauthorized people from getting to places they shouldn't.

Using my 'No-rights' user

The same 'No-rights' user can't use the designer at all.

Dharani_T · November 9, 2022, 5:23am

What if i try to give config setting permission only to 'Developer' not admin,
when i try to enter developer (only as 'Developer' not as 'Authenticated\Roles\Developer' ) in the setting, eventhough i have developer role, now it is showing as unauthorized login .
So i am restoring my backup.
Any ideas on this

JordanCClark · November 9, 2022, 6:47am

The gateway login is through the Identity Provider, not the user source. Hence, the Authenticated/Roles path.