Restricting Administration Access

The following methods of restricting access to the CML application and its database are available for implementation by the system administrator:

• Restricting Using Directory Permissions. This method lets users or groups of users perform all administrative functions.
• Restricting Using File Permissions. This method lets users or groups of users perform selected administrative functions.
• Restricting by IP Address. This method provides extra security by limiting access to users at certain designated computers.

Anyone trying to use the administrative functions of the CML application must first get past these security filters. Assuming all three are in place, the first one checked is IP address. If the client computer passes that test, Internet Information Server (IIS) then attempts to authenticate the prospective administrator by communicating with Windows NT (see About Windows NT Permissions) to verify the person's user name and password.

Finally, now that IIS knows who wants administrative access, it attempts to access the files in the CML application's Admin directory. For this attempt, NTFS security is used to check whether the person has authority to open these files. (No file security is possible if the CML application is installed in a virtual directory on a FAT partition.) See your Microsoft Windows NT documentation for more information on types of file systems.

Choosing and Combining Restrictions

The site administrator must first choose which access restrictions are appropriate for securing the CML Web site, and then configure those restrictions. This section discusses these methods' strengths and weaknesses as well as the arguments for combining different restrictions to add security.

About Unified Logon

This section describes several ways to restrict access to the CML application's administration screens. The choice of these restriction methods supports the concept (and the BackOffice logo requirement) of "unified logon." An application's support for unified logon means that it recognizes users through the logon information stored in the domain controller of Microsoft Windows NT, not through additional custom logon screens. The user is not to be burdened with re-entering user name or password information after already having done so outside the scope of the application.

The CML application supports this concept by relying on external systems of identification (provided by Windows NT Server and Microsoft Exchange Server) and not on internal means — such as a list of authorized administrators or power users stored in the FmLib database. Specifically, compliance with this requirement is based on the application deployment tasks described in Setting up Security in BackOffice Server.

This is possible because the operating system makes the logon information it stores at the beginning of a user's session available to applications (in this case, Microsoft Internet Explorer) that need it. Microsoft Internet Explorer, in turn, sends this information to Internet Information Server, in whose context the CML application runs.