In the AMS system, security is managed by two things: Application Roles and Security DescriptorsApplication roles and security descriptors manage security in the Arellia Management Server (AMS).
Application roles define which users are as members of assigned roles . Those assigned and those roles, such as "AMS Admins" or "AMS Users," are then added to a Security Descriptorsecurity descriptor.
Security descriptors assign access rights to each of the members of those assigned roles. For example, you use security descriptors to grant Read and Write permissions to members of the "AMS Admins" role, and you grant only Read permission to members of the "AMS Users" role. The members of those roles, when become trustees when roles are added to a security descriptor, become trustees.
When you install the AMS, there are pre-existing Application Roles and Security Descriptors already built into the AMS system application roles and security descriptors built into AMS that secure all the items in your system. You assign membership to your users into pre-existing roles or into roles that you create. Likewise, you assign rights to members of those roles , in pre-existing security descriptors , or in security descriptors that you create. If the existing Security Descriptor security descriptor for the Item you want to secure is insufficient, then you can adjust it by adding roles and changing the rights assigned to the trustees.
Roles and security descriptors define user access to a wide range of items, so that you manage trustees who have rights to those items–you do not need to manage access on an item-by-item basis.
For detailed information and instructions on how to create Application Roles, go to /wiki/spaces/ND/pages/1163764.
For detailed information and instructions on how to create Security Descriptors, go to /wiki/spaces/ND/pages/1163728.
