Authentication and Authorization
GroundWork Monitor Enterprise software is a set of applications, with a unifying web-based user interface. As such, the security of each component program is wrapped in a JBOSS portal using Web extensions. This abstracts the securty space to the portal. No application is accessible outside the portal authentication framework.
Security in layers
The portal authentication is handled by a federated security framework: the JBOSS Single Sign-On, or JOSSO system. JOSSO handles all login authentication, and authorization is accepted by the JBOSS portal only for those sessions that are authenticated. The web services layer, which is minimally exposed, but may be queried from the GroundWork server and it’s installed applications, further requires authentication, via user name and password. Direct database access is also secured and controlled at the database level, and all the credentials are stored in a local, restricted repository.
Integration with Enterprise Directories
While user IDs and passwords can be stored in GroundWork directly, authentication can be delegated to Enterprise directories via an LDAP layer. The Microsoft Active Directory system, as well as OpenLDAP, or any authentication system complying with the LDAP standard may be used. LDAP integration is provided by JOSSO, making changes to underlying applications unnecessary.
Access Control via Roles
GroundWork users can see only what they are allowed to see, either at the application level, or within the displays of status and performance data. If a user is authorized to see only database servers, then all the applications will show them are dashboards, grpahs,a nd events pertaining to those servers. User access is easily managed through role memberships.