Authentication and authorization
The process of logging in to Control Desk is called authentication. The control that determines which users can use which applications is called authorization.
Authentication
The master list of users defined in your environment is maintained in your directory server. When a user submits a user ID and password on the login screen, the application server verifies the user ID and password with the directory server.
To synchronize the authentication process between the Control Desk user interface and the TADDM interface, the TADDM component also uses the directory server for authentication purposes. It interacts with the directory server through the Virtual Member Manager. The TADDM component does not require a WebSphere environment, so it uses the same Virtual Member Manager that Control Desk uses.
Authorization
After a user ID is authenticated, Control Desk looks it up in the Maximo® database. There must be a copy of each user's information in this database. You can keep the user information synchronized using the VMM cron task. Authorization is then applied as follows:
- The first page that the user sees is the start center that is assigned to that user's role. A start center is a page tailored to a particular role, showing lists of relevant process artifacts, to-dos, and key performance indicators (KPIs).
- Each security group, or role, is configured to provide access to applications in Control Desk. The role determines which applications the user can open, and which actions the user can perform.
- If you are using access collections to control access to CI information, permission for a user to work with CIs is based on membership in security groups.