2.1 Setting Up User Authorization and Authentication

Portability Suite’s user authorization and authentication mechanism is based on user roles; it controls application access and the operations that users can perform. The mechanism relies on Integrated Windows Authentication (IWA) and its interaction with Internet Information Services (IIS).

Portability Suite’s user auditing functionality is provided through the capability to log user actions (see Setting Up User Activity Logging).

2.1.1 Portability Suite Roles

A Portability Suite role is a collection of Portability Suite privileges that entitle a particular user to perform specific actions. During installation, the Portability Suite installation program creates three local Windows groups on the Portability Suite Server host: Portability Suite Administrators, Portability Suite Power Users, and Portability Suite Operators. These groups map directly to the three Portability Suite roles that control user authorization and authentication:

  • Portability Suite Administrators: Have unlimited access to all features and functions of the application. A local administrator is implicitly part of this group.

  • Portability Suite Power Users: Have access to most features and functions of the application with some limitations, such as restrictions in the capability to modify system settings related to licensing and security.

  • Portability Suite Operators: Have access to a limited subset of system features and functions, sufficient to maintain day-to-day operation.

When a user attempts to connect to a Portability Suite Server, the credentials provided through the Portability Suite Client are validated by IIS. If the user is not a member of one of the Portability Suite roles, the connection is refused. If the user is a local administrator on the Portability Suite Server host, that account is implicitly regarded as a Portability Suite Administrator.

The following is a list of permissions for each role.

Table 2-1 Portability Suite Roles and Permission Details

| Role Details | Administrators | Power Users | Operators |
|---|---|---|---|
| Licensing: Add, delete licenses; transfer workload licenses | yes | no | no |
| Machines: Discover, undiscover | yes | yes | no |
| Machines: Delete virtual machine | yes | no | no |
| Machines: View, refresh, export | yes | yes | yes |
| Machines: Import | yes | yes | no |
| Machines: Export | yes | yes | yes |
| Portability Suite Networks: Add, delete | yes | no | no |
| Jobs: Create new job | yes | yes | no |
| Jobs: View, abort, change start time | yes | yes | yes |
| Workload Protection: Protect workload, cancel protection | yes | yes | no |
| Workload Protection: View, start synchronization in existing schedules | yes | yes | yes |
| Imaging: Protect image, cancel synchronization schedule | yes | yes | no |
| Imaging: View, start synchronization in existing contracts | yes | yes | yes |
| Imaging: Consolidate increments, apply increments to base, delete increments, install/delete image servers | yes | yes | no |
| Block-based Transfer Components: Install, upgrade, remove | yes | no | no |
| Device Drivers: View | yes | yes | yes |
| Device Drivers: Upload, delete | yes | yes | no |
| Portability Suite Server access: View Web services, download client software | yes | yes | yes |
| Portability Suite Server settings: Edit settings that control user activity logging and SMTP notifications | yes | no | no |
| Portability Suite Server settings: Edit all server settings except those that control user activity logging and SMTP notifications | yes | yes | no |
| Run Diagnostics: Generate detailed diagnostic reports on jobs | yes | yes | yes |
| Post-conversion Actions: Add, update, delete | yes | yes | no |

2.1.2 Assigning Portability Suite Roles to Windows Users

To allow specific Windows domain or local users to carry out specific Portability Suite operations according to a designated role, add the required Windows domain or user account to the applicable Windows local group (Portability Suite Administrators, Portability Suite Power Users, or Portability Suite Operators) on the Portability Suite Server host. For more information, see your Windows documentation.
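
Because local administrators on the server host are implicitly Portability Suite Administrators, a review of role assignments has to include the built-in Administrators group as well as the three product groups. The following PowerShell audit is an added example, not part of the product documentation. It assumes Windows PowerShell 5.1 or later (the LocalAccounts cmdlets), an elevated session on the Portability Suite Server host, and the English name of the built-in Administrators group.

```powershell
# Added example: list every account that holds a Portability Suite role on this host.
# Product group names are taken from section 2.1.1; 'Administrators' is the built-in
# local group (English name assumed; localized Windows builds name it differently).
# Groups are ordered from most to least privileged.
$groups = @(
    [pscustomobject]@{ LocalGroup = 'Administrators';                   Role = 'Administrator (implicit)' }
    [pscustomobject]@{ LocalGroup = 'Portability Suite Administrators'; Role = 'Administrator' }
    [pscustomobject]@{ LocalGroup = 'Portability Suite Power Users';    Role = 'Power User' }
    [pscustomobject]@{ LocalGroup = 'Portability Suite Operators';      Role = 'Operator' }
)

# Collect one record per (account, group) membership.
$memberships = for ($i = 0; $i -lt $groups.Count; $i++) {
    $g = $groups[$i]
    try {
        Get-LocalGroupMember -Group $g.LocalGroup -ErrorAction Stop | ForEach-Object {
            [pscustomobject]@{
                Account    = $_.Name
                Type       = $_.ObjectClass      # 'User' or 'Group'
                Source     = $_.PrincipalSource  # Local, ActiveDirectory, ...
                LocalGroup = $g.LocalGroup
                Role       = $g.Role
                Rank       = $i                  # lower rank = more privilege
            }
        }
    } catch {
        # A missing group or an unreadable member should not hide the other groups.
        Write-Warning "Could not read group '$($g.LocalGroup)': $($_.Exception.Message)"
    }
}

# Collapse to one row per account, showing its most privileged role and every
# group that grants it access. A row of Type 'Group' grants the role to all
# members of that group; nested membership is not expanded here.
$report = $memberships | Group-Object -Property Account | ForEach-Object {
    $best = $_.Group | Sort-Object -Property Rank | Select-Object -First 1
    [pscustomobject]@{
        Account     = $_.Name
        Type        = $best.Type
        Source      = $best.Source
        HighestRole = $best.Role
        MemberOf    = ($_.Group.LocalGroup | Sort-Object -Unique) -join '; '
    }
}

$report | Sort-Object -Property HighestRole, Account | Format-Table -AutoSize
```

Rows with the role "Administrator (implicit)" have full access to the application without appearing in any Portability Suite group, so they are the ones most easily missed when access is reviewed.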