Presentation is loading. Please wait.

Presentation is loading. Please wait.

Data Virtualization Demoette… CIS Rights

Published byGwendolyn Moore Modified over 6 years ago

Similar presentations

Presentation on theme: "Data Virtualization Demoette… CIS Rights"— Presentation transcript:

1 Data Virtualization Demoette… CIS Rights
Hello, and welcome to the Demoette series for Cisco Information Server, or CIS. In this Demoette, we discuss Rights in CIS.

2 Agenda What are they and why do they matter? A basic demo Summary
Here is our agenda. We begin by defining CIS Rights and outlining their importance for our customers. Next we walk through a very basic demo of CIS Rights. Finally, we summarize the contents of this demoette.

3 Agenda What are they and why do they matter? A basic demo Summary
Let’s begin by discussing what CIS Rights are and why they are important for our customers.

4 What are they? CIS Rights System-wide capabilities, including:
Tools, such as Studio Administration, such as config, status, and users Access to resources, such as Views and Procedures Rights may be assigned to: Groups Users CIS Rights are system-wide capabilities that may be granted to Groups and Users using CIS Manager. Rights are system-wide capabilities that fall into three broad categories. First, they grant access to Tools, such as CIS Studio and command-line programs. Second, they grant access to Administrative capabilities, such as viewing or modifying CIS system configuration, server status, and system users. Third, they grant system-wide access to CIS resources, such as Views, Procedures, and other artifacts.

5 Why do they matter? CIS Rights During development:
Prevent unauthorized users from accessing developer tools and resources Enable developers to access needed resources During ongoing operation: Enable System Administrators to limit access to operational controls CIS Rights are important for CIS developers, system administrators, and IT managers. At development time, Rights prevent unauthorized users from accessing developer tools and resources, while ensuring that authorized developers may access and modify resources needed during development. During ongoing operations, Rights enable System Administrators to limit access to important operational controls, such as system configuration parameters. This, in turn, gives IT managers assurance that CIS provides appropriate levels of security, along with the flexibility needed for the data needs of a large, complex enterprise.

6 Rights and Privileges: what’s the difference?
Managed by… Granted to… Scope… Rights CIS System Administrators CIS Groups and Users System-Wide Privileges CIS System Administrators CIS Groups and Users Specific CIS Resources CIS implements both Rights and Privileges. They are often discussed together, but it is important to understand the difference between the two. <CLICK> Rights and Privileges are similar in that they are both typically managed by CIS System Administrators. <CLICK> They are also similar in that they are both capabilities that are granted to CIS Groups and Users. <CLICK> However, Rights are system-wide capabilities, while Privileges are capabilities that are granted at the Resource level.

7 Agenda What are they and why do they matter? A basic demo Summary
Next, let’s walk through a very basic demo of CIS Rights.

8 Demo: Here is the business problem…
Here is the business problem we illustrate in this demoette.

9 Demo: Here is the business problem…
CIS Configuration and User Management Administrators Group CIS Tools CIS Developed Resources We have a System Administrators group that has full power to configure CIS, use its tools, and access CIS resources.

10 Demo: Here is the business problem…
CIS Configuration and User Management Administrators Group CIS Tools Developers Group CIS Developed Resources However, we want to limit the capabilities of other user groups. We want Developers to be able to use tools and access resources, but we don’t want them to configure the system or manage users.

11 Demo: Here is the business problem…
CIS Configuration and User Management Administrators Group CIS Tools Developers Group CIS Developed Resources We also have a group of Analysts who do limited development in CIS. We want them to be able to access tools, like Studio, for their work. However, we don’t want them to be able to access all CIS resources system-wide, and we don’t want them to do any system configuration or user management. Analyst Group

12 Demo: Here is the business problem…
CIS Configuration and User Management Administrators Group CIS Tools Developers Group Data Consumers CIS Developed Resources Keep in mind that a typical CIS installation will also have one or more groups of end users, or Data Consumers. These users usually have NO CIS rights of any kind. Even though they have no rights, these users are given appropriate Privileges so that they can access specific published resources via JDBC, ODBC, ADO.NET, and Web Services interfaces. Analyst Group

13 Demo: before you begin…
Import Groups and Users needed for this demoette. In this demo, we use three different CIS Groups that have different Rights settings. To prepare for the demo, use the CIS Package Import command-line utility to import the Groups and Users you will need. We cannot use the GUI-based Import capability because it does not provide fine-grained control over import of Groups and Users. In the additional resources that accompany this demoette, you will find the CAR file, along with instructions and a sample command-line that you can paste into a Command Window. Also note that the command-line export and import utilities require at least one CIS resource to be included. Because of this, you will find a folder called dummyResource installed in the shared portion of the CIS namespace after you run the import.

14 Demo: compare Rights across the three groups
We begin the demo by showing that we have created three groups with different sets of system-wide CIS Rights. Open CIS Manager in a browser, and navigate to the Group Management screen under the Users tab. Click on each Group name to show its Rights. <CLICK> Our Developers Group may access CIS tools, such as Studio, and may read and modify all CIS resources. Members of this group may also read CIS status information, which means they can use CIS Manager to see sessions, transactions, requests, caches, data sources, clusters, and so on. However, Developers cannot modify Status information, which means they cannot perform actions such as clearing query plans and caches; terminating sessions, requests, and transactions; stopping and restarting the server, and so on. Note also that Developers may not unlock resources, and have no access to CIS configuration information or User information. <CLICK> Our Analysts Group is similar to the Developers Group, but Analysts have no system-wide access to CIS resources. This means that we will have to grant Privileges on specific CIS resources before these users can work with the Resources in Studio. <CLICK> Finally, our Consumers Group has no rights at all, and will not even be able to log in to Studio. They will be able to access published resources when appropriate Privileges are granted. Note that this group is functionally identical to the default “all” Group. We create the Consumers Group for this demo, though, in order to highlight the fact that we can create fine-grained control over Rights for Groups and Users.

15 Demo: show the Users within each Group
Now navigate to the User Management screen on the Users tab. <CLICK> Show that we have created three users for this demo. <CLICK> Click the plus sign in the Groups column to show how we have assigned each user to a different group. <CLICK> For convenience, we have noted in the Annotation column that the password for each user is ‘password.’

16 Demo: show the Rights for Developers
Log in to Studio as the Developer user. <CLICK> Note that developers can see all resources in the Shared area of the namespace, because they have full rights on Resources. <CLICK> However, the Administration menu shows that Full Server Backup and Configuration capabilities are greyed-out, because members of our Developers Group do not have Configuration rights.

17 Demo: show the Rights for Analysts
Now log in to Studio as the Analyst user. Note that analysts can only see the Examples folder in the Shared area of the namespace. The examples are visible because they are part of the base CIS install. If we want to allow Analysts to work with specific resources, we will grant appropriate Privileges on those resources, but we do not let Analysts have system-wide Rights to all resources. Sometimes, you might log in as an Analyst and see the other folders in the Shared area greyed-out. If you refresh the Namespace from the File menu, these greyed-out entries will disappear.

18 Demo: show the Rights for Consumers
Finally, log in to Studio as the Consumer user. Note that CIS recognizes the logon and password as a valid CIS user, but enforces the fact that this user does not have the right to use Studio.

19 Agenda What are they and why do they matter? A basic demo Summary
Let’s summarize what we have seen in this presentation.

20 Summary System-wide capabilities, including: Tools, such as Studio
Administration, such as config, status, and users Access to resources, such as Views and Procedures Benefits Prevent unauthorized users from accessing developer tools and resources Enable developers to access needed resources Enable System Administrators to limit access to operational controls CIS Rights are system-wide capabilities that may be granted to Groups and Users using CIS Manager. Rights are system-wide capabilities that fall into three broad categories. First, they grant access to Tools, such as CIS Studio and command-line programs. Second, they grant access to Administrative capabilities, such as viewing or modifying CIS system configuration, server status, and system users. Third, they grant system-wide access to CIS resources, such as Views, Procedures, and other system artifacts. CIS Rights are important for CIS developers, system administrators, and IT managers. At development time, Rights prevent unauthorized users from accessing developer tools and resources, while ensuring that authorized developers may access and modify resources needed during development. During ongoing operations, Rights enable System Administrators to limit access to important operational controls, such as system configuration parameters. This, in turn, gives IT managers assurance that CIS provides appropriate levels of security, along with the flexibility needed for the data needs of a large, complex enterprise. Thank you.

21 TOMORROW starts here.

Download ppt "Data Virtualization Demoette… CIS Rights"

Similar presentations

Welcome to the CardSaver VoIP Billing & Call Management Demonstration © 2004, Parwan Electronics Corporation.

Welcome to the CardSaver VoIP Billing & Call Management Demonstration © 2004, Parwan Electronics Corporation.
Oracle9i Database Administrator: Implementation and Administration 1 Chapter 12 System and Object Privileges.

Oracle9i Database Administrator: Implementation and Administration 1 Chapter 12 System and Object Privileges.
Chapter 9 Chapter 9: Managing Groups, Folders, Files, and Object Security.

Chapter 9 Chapter 9: Managing Groups, Folders, Files, and Object Security.
11 SUPPORTING LOCAL USERS AND GROUPS Chapter 3. Chapter 3: Supporting Local Users and Groups2 SUPPORTING LOCAL USERS AND GROUPS  Explain the difference.

11 SUPPORTING LOCAL USERS AND GROUPS Chapter 3. Chapter 3: Supporting Local Users and Groups2 SUPPORTING LOCAL USERS AND GROUPS  Explain the difference.
11 SHARING FILE SYSTEM RESOURCES Chapter 9. Chapter 9: SHARING FILE SYSTEM RESOURCES2 CHAPTER OVERVIEW  Create and manage file system shares and work.

11 SHARING FILE SYSTEM RESOURCES Chapter 9. Chapter 9: SHARING FILE SYSTEM RESOURCES2 CHAPTER OVERVIEW  Create and manage file system shares and work.
MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration Chapter 7 Configuring File Services in Windows Server 2008.

MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration Chapter 7 Configuring File Services in Windows Server 2008.
© N. Ganesan, Ph.D., All rights reserved. Active Directory Nanda Ganesan, Ph.D.

© N. Ganesan, Ph.D., All rights reserved. Active Directory Nanda Ganesan, Ph.D.
1 Chapter Overview Creating User and Computer Objects Maintaining User Accounts Creating User Profiles.

1 Chapter Overview Creating User and Computer Objects Maintaining User Accounts Creating User Profiles.
Sharepoint Portal Server Basics. Introduction Sharepoint server belongs to Microsoft family of servers Integrated suite of server capabilities Hosted.

Sharepoint Portal Server Basics. Introduction Sharepoint server belongs to Microsoft family of servers Integrated suite of server capabilities Hosted.
11 SHARING FILE SYSTEM RESOURCES Chapter 9. Chapter 9: SHARING FILE SYSTEM RESOURCES2 CHAPTER OVERVIEW Create and manage file system shares and work with.

11 SHARING FILE SYSTEM RESOURCES Chapter 9. Chapter 9: SHARING FILE SYSTEM RESOURCES2 CHAPTER OVERVIEW Create and manage file system shares and work with.
With Windows XP, you can share files and documents with other users on your computer and with other users on a network. There is a new user interface.

With Windows XP, you can share files and documents with other users on your computer and with other users on a network. There is a new user interface.
CIM6400 CTNW (04/05) 1 CIM6400 CTNW Lesson 6 – More on Windows 2000.

CIM6400 CTNW (04/05) 1 CIM6400 CTNW Lesson 6 – More on Windows 2000.
Course ILT Internet/intranet support Unit objectives Use the Internet Information Services snap-in to manage IIS, Web sites, virtual directories, and WebDAV.

Course ILT Internet/intranet support Unit objectives Use the Internet Information Services snap-in to manage IIS, Web sites, virtual directories, and WebDAV.
Security Planning and Administrative Delegation Lesson 6.

Security Planning and Administrative Delegation Lesson 6.
Managing Groups, Folders, Files and Security Local Domain local Global Universal Objects Folders Permissions Inheritance Access Control List NTFS Permissions.

Managing Groups, Folders, Files and Security Local Domain local Global Universal Objects Folders Permissions Inheritance Access Control List NTFS Permissions.
1 Chapter Overview Configuring Account Policies Configuring User Rights Configuring Security Options Configuring Internet Options.

1 Chapter Overview Configuring Account Policies Configuring User Rights Configuring Security Options Configuring Internet Options.
© Wiley Inc. 2006. All Rights Reserved. MCSE: Windows Server 2003 Active Directory Planning, Implementation, and Maintenance Study Guide, Second Edition.

© Wiley Inc All Rights Reserved. MCSE: Windows Server 2003 Active Directory Planning, Implementation, and Maintenance Study Guide, Second Edition.
Chapter 9: SHARING FILE SYSTEM RESOURCES1 CHAPTER OVERVIEW  Create and manage file system shares and work with share permissions.  Use NTFS file system.

Chapter 9: SHARING FILE SYSTEM RESOURCES1 CHAPTER OVERVIEW  Create and manage file system shares and work with share permissions.  Use NTFS file system.
1 Chapter Overview Creating Drive and Folder Shares Using Distributed File System Installing Network Printers Administering Network Printers Managing Share.

1 Chapter Overview Creating Drive and Folder Shares Using Distributed File System Installing Network Printers Administering Network Printers Managing Share.
Navigating SQL Server Lesson 3. Skills Matrix Graphical User Interface (GUI) Management Tools SQL Server Management Studio SQL Server Configuration Manager.

Navigating SQL Server Lesson 3. Skills Matrix Graphical User Interface (GUI) Management Tools SQL Server Management Studio SQL Server Configuration Manager.

Similar presentations

Ads by Google