Authentication is the process of identifying and verifying a user. Authentication information is extracted from the request and then checked to determine whether it is sufficient and/or correct. In VHQ, this is performed by the login modules. VHQ verifies the identity of a user who wants to use data, resources or applications in an external database table through Active Directory (AD) mode or Default VHQ mode, and also encrypts passwords during transmission to ensure the security of network authentication. If the authentication mode is Active Directory supported by the customer, VHQ tries to authenticate the user by using the VHQ common database. This authentication validates a VHQ support person logging in to a customer that uses Active Directory authentication mode.
After authentication, authorization processes can allow or limit the levels of access and action permitted to the user. The VHQ authorization process determines whether a user is allowed to take action on specific areas within the system.
Authentication includes:
EXAMPLE:
A user can be authorized to read, update or delete.
Authorization is permitting only certain users to access, process, or alter data, and applying varying limitations on user access or actions (Add/Modify/View/Execute/Delete).
Authorization includes:
Authorization is managed using a series of entries in VHQ.
a. User: VHQ users access the system using their user accounts. The user account holds the details needed for accessing VHQ; a key purpose of an account is to provide the information for the authentication and login processes that allow the VHQ user to log in.
b. Groups: A group is a collection of users and/or other groups. A change in the permissions/privileges assigned to a group is automatically applied to all users in that group. All users are members of the group Everyone. In addition, users can belong to several other groups. Even if the group Everyone is deleted, all users remain part of the group because of the indirect relationship between users/groups and authorization.
c. Permissions: The VHQ user can add, modify, view, execute or delete.
d. Privileges: Privileges allow access to the functionality available within the application. Privileges are always granted or denied to principals rather than to users or groups. The link between users and groups and the authorization is indirect; there is always a principal associated with a user or group.
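The following added example (not VHQ code or a VHQ API) models the relationship described in items a to d: users and groups each have a principal, privileges are granted or denied to principals only, and a user's effective privileges come from every group reached through nested membership. The class, the user and group names, the `Area:Action` privilege labels and the rule that a deny overrides a grant are assumptions made for illustration; the text above does not state how VHQ resolves conflicts.

```python
from collections import defaultdict

class AuthzModel:
    """Users and groups each own a principal; privileges attach to principals only."""
    def __init__(self):
        self.parents = defaultdict(set)   # user or group -> groups it is a member of
        self.principal_of = {}            # user or group -> principal id
        self.grants = defaultdict(set)    # principal id -> granted privileges
        self.denies = defaultdict(set)    # principal id -> denied privileges
        self.add("Everyone")

    def add(self, *names, is_user=False):
        for name in names:
            self.principal_of[name] = "principal:" + name
            if is_user:
                self.parents[name].add("Everyone")   # every user is in Everyone

    def add_member(self, group, member):
        self.parents[member].add(group)

    def set_privilege(self, name, privilege, allow=True):
        (self.grants if allow else self.denies)[self.principal_of[name]].add(privilege)

    def principals_for(self, user):
        seen, stack = set(), [user]       # 'seen' stops membership cycles
        while stack:
            node = stack.pop()
            if node not in seen:
                seen.add(node)
                stack.extend(self.parents[node])   # follow nested groups
        return {self.principal_of[n] for n in seen}

    def effective_privileges(self, user):
        ps = self.principals_for(user)
        granted = set().union(*(self.grants[p] for p in ps))
        denied = set().union(*(self.denies[p] for p in ps))
        return granted - denied           # assumption: deny overrides grant

def build_sample():
    m = AuthzModel()                      # all names below are constructed
    m.add("FieldTechs", "DeviceOps")
    m.add("alice", "bob", is_user=True)
    m.add_member("FieldTechs", "alice")
    m.add_member("DeviceOps", "FieldTechs")        # nested group
    m.set_privilege("Everyone", "Devices:View")
    m.set_privilege("DeviceOps", "Devices:Modify")
    m.set_privilege("DeviceOps", "Devices:Delete")
    m.set_privilege("alice", "Devices:Delete", allow=False)
    return m
```

When reviewing access, the useful output is `effective_privileges(user)` next to `principals_for(user)`, which shows which group principal contributed each privilege.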