Admin-Scout 3.2 - Individual users / Test roles with the SQL-Editor
Customized use of the Admin-Scout thanks to the new role concept
Whereas Admin-Scout previously only knew the default users "cursoradmin" and "openadmin", the new version 3.2 allows the creation of individual users. In combination with a dedicated assignment of rights on menu level, different roles can now be built up specifically
The setup of additional users is done in the Admin-Scout configuration via the new tab "User Rights" (see following picture). Mainly the user "cursoradmin" is able to create and configure new users. This option can also be set up for new users by using a checkbox, provided that additional administrators are desired. The management of access rights, and therefore the use of the Admin-Scout, can be defined as an additional menu item using the context menu.
In addition to "enabled " or "locked", there is also the possibility to set up a "read-only" status for certain menu items. For example, the storage module in the "read-only" status does not allow any active actions on the DBSpaces, while the evaluations are available. However, user rights can now be assigned not only for menu items. With the new version, user-specific access rights can also be set up for the individual connections of the database.
Verification of role and rights concepts with the SQL-Editor
Normally, all accesses of the Admin-Scout to an Informix instance take place with the "Informix account" stored in the database connection. In order to make it possible to check the rights for a particular user, the new version allows to make SQL-Editor accesses under a different user.
The user to be checked must be created in the database with his rights or must be able to be authenticated by the database. By entering the username and password, the SQL-Editor is now able to execute statements with the rights of this user. This can be used to test whether the rights and role concept that has been set up is working. This simplifies a check of the access rights considerably. The access is only temporary for the duration of a session. User and password are not stored in Admin-Scout beyond this time.
Using the SQL-Editor without administrator rights
The combination of new user management and user switching in the SQL-Editor, provides the possibility to make the SQL-Editor available without administrator rights. For this purpose, the SQL-Editor menu item must be provided with a read-only flag in the user administration. Setting the flags prevents logging in as user Informix (with DBA rights), which is normally standard for the Admin-Scout.
The read-only flag ensures that a user must specify a username and password when calling the SQL-Editor and, as a result, all statements are executed under that very account for the duration of the session. For the user, a username and password must be created in advance on the database side. The rights are also controlled in the context of the database. It is important to make the appropriate assignments at this point.
Is a feature missing? Do you have any questions or suggestions for Admin-Scout development?
Just write us a few lines in our Development-Request form - we are looking forward to your suggestions!
Your Admin-Scout development team.