AX2571

About security

Using Axiom Platform Security, you can create users and roles, and assign access rights. This section explains how security is applied in Axiom Platform.

You can create users manually within Axiom Platform or import them from Active Directory. After a user account is created, you must define the permissions at the user level, at the role level, or at both levels. The security permissions determine which files, features, and data users can access within the Axiom Platform system.

The following users can access and manage security:

  • Users designated as a system Administrator. Administrator users have full rights to all areas of the system, including security.

  • Users who are granted the Administer Security permission. Administer Security users have full rights to security, except for a few features that are limited to administrators only.

  • Users who are assigned as a Subsystem Admin for a subsystem. Subsystem administrators can manage users and roles within the subsystem.

Users and roles

To streamline security settings, you can define a number of roles and then assign users to those roles. Users inherit the security settings defined for their assigned roles. Additionally, Axiom Platform provides a built-in Everyone role for security settings that apply to all users.

Systems with installed products may also have roles for use with the product. These roles are product-controlled and delivered with the product. For example, a system with the Capital Planning product may have roles for Capital Planning Admin and Capital Planning User. You can assign users to these roles based on the level of permissions they need for the product.

The specific way that security settings are inherited depends on the type of setting. Generally, roles grant permissions rather than deny permissions. For more information, see How role settings are applied to users.

Authentication behavior

Several options are available to authenticate users into Axiom Platform. The basic authentication type is Axiom Prompt authentication, which means that users are prompted for an Axiom username and password each time they want to access Axiom Platform.

You can also use an integrated authentication option in which users are authenticated based on certain supported external credentials, such as the user's Windows domain credentials or LDAP credentials. These options are typically enabled and configured during the installation of Axiom Platform. For more information, see Axiom authentication.

Security subsystems

If required, you can create security subsystems and assign users to subsystems. Use subsystems to:

  • Define a maximum level of permissions for a subset of users. Any user who is assigned to the subsystem cannot be granted rights that exceed the subsystem rights.
  • Assign a user as a subsystem administrator to manage security permissions for the users and roles that belong to the subsystem.

In systems with installed products, subsystems control access to specific products. These subsystems are delivered with the product. For example, you may have subsystems for Capital Planning and Budget Planning. You can assign users to subsystems based on the specific products they need to access.

For more information, see Security subsystems.