Security overview
Application roles and security descriptors manage security in the Arellia Management Server (AMS).
Application roles define users as members of assigned roles and those roles, such as "AMS Admins" or "AMS Users," are then added to a security descriptor.
Security descriptors assign access rights to each of the members of those assigned roles. For example, you use security descriptors to grant Read and Write permissions to members of the "AMS Admins" role, and you grant only Read permission to members of the "AMS Users" role. The members become trustees when roles are added to a security descriptor.
When you install AMS, there are pre-existing application roles and security descriptors built into AMS that secure all the items in your system. You assign membership to your users into pre-existing roles or into roles that you create. Likewise, you assign rights to members of those roles in pre-existing security descriptors or in security descriptors that you create. If the existing security descriptor for the Item you want to secure is insufficient, then you can adjust it by adding roles and changing the rights assigned to trustees.
Roles and security descriptors define user access to a wide range of items, so that you manage trustees who have rights to those items–you do not need to manage access on an item-by-item basis.