AX2571

About security

Using Axiom Security, you can create users and roles, and assign access rights. This section explains how security is applied in Axiom.

Users can be created manually within Axiom, or you can import them from Active Directory. Once a user account is created, you must define the permissions for that user, at the user level or at the role level (or both). The security permissions determine which files, features, and data the user can access within the Axiom system.

The following users can access and manage security:

  • Users designated as a system Administrator. Administrator users have full rights to all areas of the system, including security.

  • Users who are granted the Administer Security permission. Administer Security users have full rights to security, except for a few features that are limited to administrators only.

  • Users who are assigned as a Subsystem Admin for a subsystem. Subsystem administrators can manage users and roles within the subsystem.

Users and roles

To streamline security settings, you can define a number of roles, and then assign users to those roles. Users inherit the security settings defined for their assigned roles. Additionally, Axiom provides a built-in Everyone role, for security settings that apply to all users.

Systems with installed products may also have roles that are designed for use with the product. These roles are product-controlled and delivered with the product. For example, a system with the Capital Planning product may have roles for Capital Planning Admin and Capital Planning User. You can assign users to these roles based on the level of permissions they need for the product.

The specific way that security settings are inherited depends on the type of setting. Generally, roles grant permissions; they do not deny permissions. For more information, see How role settings are applied to users.

Authentication behavior

There are several options to authenticate users into Axiom. The basic authentication type is Axiom Prompt authentication, which means that users will be prompted for an Axiom user name and password each time they want to access Axiom.

If desired, you can use an integrated authentication option instead, which means that users are authenticated based on certain supported external credentials, such as the user's Windows domain credentials or LDAP credentials. These options are typically enabled and configured during the installation of Axiom. For more information, see Security integration.

Security subsystems

If desired, you can create security subsystems and assign users to subsystems. Subsystems allow you to:

  • Define a maximum level of permissions for a subset of users. Any user that is assigned to the subsystem cannot be granted rights that exceed the subsystem rights.
  • Assign a user as a subsystem administrator, so that the user can manage security permissions for the users and roles that belong to the subsystem.

In systems with installed products, subsystems are used to control access to specific products. These subsystems are product-controlled and delivered with the product. For example, you may have subsystems for Capital Planning and Budget Planning. You can assign users to subsystems based on the specific products they should be able to access.

For more information, see Security subsystems.