| ||
|
|
If you do not wish to configure web server security (perhaps your web server is on an internal machine behind a "firewall"), you have completed ProblemTracker installation and configuration. You can now login to ProblemTracker or proceed to the ProblemTracker tutorial.
ProblemTracker Security
ProblemTracker supports security at two levels. The product includes a flexible user group based security scheme, allowing control of access to both function (Add, Edit, View, etc.) and data records. In addition, ProblemTracker also supports the use of your web server's native security mechanisms to limit access to the web pages themselves. If you have very strict security requirements, you may wish to apply authentication to your ProblemTracker installation to restrict access to the relevant web pages based on function. By default, the ProblemTracker installation sets up anonymous access for the workgroups and a combination of Basic and Integrated Windows authentication for the Workgroup Management System. The section below provides a description of the default security configured by the installation set up program.
Default Security Set by the Installation
The ProblemTracker installation program creates 2 user accounts: PUSR4HOSTNAME and PADM4HOSTNAME where HOSTNAME is the TCP/IP host name of the machine where ProblemTracker is installed. PUSR4HOSTNAME is used as the anonymous user account for accessing the workgroups. PADM4HOSTNAME is used as the account to perform operations in the Workgroup Management System (WMS). Use of the operations in WMS always require local Administrator credentials.
The following table displays the minimum file permissions needed to use the ProblemTracker workgroups and WMS with the default installation setup.
Note that the following table assumes that a workgroup named pteval, the Evaluation Workgroup, has been installed. For your workgroup, substitute your workgroup name where "pteval" appears. rootDir is the web server root directory where the ProblemTracker content and web files were installed (by default, C:\Inetpub\wwwroot\ProblemTracker). winDir is the operating system root directory (for example, C:\WinNT). programfilesDir is the location where the ProblemTracker installation files were installed (by default, C:\Program Files\NetResults\ProblemTracker5).
|
Applying Basic Authentication to Restrict Access by Function
Many web servers allow you to restrict access to a web site on a per user basis via a process called Basic Authentication. ProblemTracker has been designed with this in mind, allowing you to limit access to any function by using the web server's built-in security mechanism.
Note: In the sections below we have described how to set up Basic authentication because that is supported by all browsers which are supported by ProblemTracker. However, if your users are exclusively using Internet Explorer, you can instead (or additionally) configure Integrated Windows authentication (a stronger form of authentication than Basic authentication). To configure Integrated Windows authentication, check the Integrated Windows authentication box instead of (or in addition to) the Basic authentication box when instructed to do so in the following sections.
Setting Web Server Security
The procedure for configuring web server security varies for each web server product. This document provides general instructions for setting up security as it relates to ProblemTracker for the following web servers. However, you should also consult the documentation provided with your web server for details regarding its security options.
ProblemTracker Organization
The ProblemTracker web pages are organized by function as shown in the following table. In general all pages related to a particular function have been included in the same directory, using a common program file. By applying security to these directories and program files as desired, you can limit each individual or group in your organization to the functions appropriate to their job. When a user browses to a page or program where security has been applied, a dialog appears in their browser requiring them to enter a User Name and Password. Depending upon their identity, they will be allowed or denied access to the resource.
Note that the following table assumes that a workgroup named pteval, the Evaluation Workgroup, has been installed. For your workgroup, substitute your workgroup name where "pteval" appears. rootDir is the web server root directory where the ProblemTracker content and program files were installed (by default, C:\Inetpub\wwwroot\ProblemTracker).
|
All Workgroup functions need at least Read permission on rootDir/pteval/Include directory.
WMS Operations that can impact your Custom Security Settings
The Repair, Move, and Upgrade operations that can be performed in the Workgroup Management System can reset the customized security you have applied to the locations listed in the table above. Before you use the Repair, Move, or Upgrade operations, it is recommended that you take note of the security scheme you have applied, then re-apply these changes after using one of those operations.
For more information on the WMS operations, please refer to the following sections in the WMS Help Guide:
Repairing a Workgroup
Moving a Workgroup
Upgrading a Version 3 Workgroup
Upgrading a Version 4 or 5 Workgroup
NetResults ProblemTracker
