Authentication via Windows does not enable access to “secured” databases, meaning those with activated high security and encryption. Only the correspondingly authorized users of the internal PROXESS user administration can access these databases.
Only registered users can work with PROXESS. In order to perform user management tasks, you must be a supervisor or database area administrator.
The PROXESS user management tasks are:
Creation of a system-wide user concept
Implementation of the concept through the creation of user accounts and groups
Management and maintenance of user accounts and groups
Setup and maintenance of access permissions
As system administrator, you should organizationally divide all users who work with PROXESS into two user categories.
The system administrator adopts the user data from the Windows Active Directory for these users to avoid double administration in Windows and PROXESS. Users transferring from AD select the authentication option “Windows” in the login dialog of the respective module when logging into PROXESS. Then the Windows login information is automatically used for login to PROXESS. Here, it is recommended to suppress the login dialog for AD users in the respective module settings after the first login.
Members of this category, however, do not have any access to high-security databases—e.g., those for which high security and encryption are activated. This aims to prevent a situation where AD users automatically receive access rights to particularly sensitive documents and data in PROXESS simply by being assigned to an AD group, without these having to be explicitly declared in PROXESS. In practice, this will probably affect the majority of users who, for example, are not members of senior management or HR, and so do not need any access to specially protected data. For these users, Windows Active Directory integration can help to avoid double administration, thus making work easier for the system administrator. This also enables automatic login to the PROXESS modules for the user.
All steps for the Windows Active Directory Integration in PROXESS are described here.
All steps for the Windows Active Directory Integration in PROXESS are described in the chapter “Windows Active Directory Integration”.
Warning information
|
|
Authentication via Windows does not enable access to “secured” databases, meaning those with activated high security and encryption. Only the correspondingly authorized users of the internal PROXESS user administration can access these databases. |
Members of this category can access high-security databases (e.g., employee database) if they have been granted the necessary access rights in PROXESS. In practice, this will most likely be limited to a smaller circle of users (e.g., senior management/HR department). These users are created and managed directly in PROXESS. When logging in to PROXESS, the user selects the authentication option “PROXESS” and enters their PROXESS user name and password.
You can find all explanations about the internal PROXESS group and user management in the “User management” chapter.
Warning information
|
|
Avoid users with a “double identity” as Windows AD users and PROXESS users. Users should generally log into all PROXESS modules with one and the same authentication to ensure that they get a consistent basis for the data and access. |
Also see: