We typically limit access to certain Perspective applications via two different methods:
- Source IP
- Authenticated + Authorized User
We had a situation come up yesterday in which the plant want to do both. Functionally they will either use this application from dedicated End-Of-Line clients, or log in to it from anywhere if they have appropriate authorization. What is the best way to accomplish this? Is there a way to require authentication only if they're not in a Security Zone?
Perspective Permissions allow for specifying that users may belong to either ALL specified Security Levels, or ANY of the specified Security Levels. In your scenario, you would want to specify a Security Level which is defined by a Security Zone (which itself is defined by some IP or subnet). Then, when defining permissions as part of Project Properties, select both Authenticated and your new Security Level, and select At least one of the security levels of the user must match any of the required security levels
1 Like