You can set up users to access your Content Server instance in a variety of ways. Specifically, there are three user logins available:
Users are defined by an administrator or sub administrator within the Content Server system. Administrators assign these users one or more roles, which provide the user with access to security groups. Undefined users are assigned the guest role. Most of the Setting Security section focuses on local users.
Logins are Created By - Administrator/Sub administrator in the Content Servers. Credentials may extend to multiple Content Servers.
Access is Determined By - Content Server Roles, which provides access to security groups.
User Login - Content Server is not required to run for login.
User Password - Users can change their passwords.
Interface Issues - User names display in the Check In lists. Users can specify whether to change full name, e-mail address, and user type.
Recommended for - 1000 or fewer users
|
Note: Administrators should never configure more than 1000 local users. |
Local Users have all rights and privileges of Global Users. They also have these additional privileges:
Show-up in checkin list.
Login without the Content Server running - Users can access the admin server if the Content Server is not running, global users cannot access the admin server.
Login to proxied server using server relative URL.
For example: username<proxied_server>/<local_user_on_proxied_server>
A Content Server does not efficiently handle more than about 1000 local users before the performance issues become a problem. To scale up to large enterprise user bases, a different type of user was created whose validation is always performed dynamically. They are not published to the web server security filter and the master server always validates the credentials by querying the database tables. Because of this, the master server must be running to login as a global user.
Lightly-managed or global users whose credentials extend to multiple Content Servers. Only a master server can store global user information.
Login is Defined By - Credentials extended to multiple Content Servers.
Access is Determined By - Content Server Roles set on the master instance, which provides access to security groups across multiple instances.
User Login - Master Content Server must be running for login.
Interface Issues - User names do not display in the Check-In lists. Users can specify where to change full name, e-mail address, and user type.
Recommended for - Enterprise situations users over 1000.
External users who are automatically registered in the system but are not manually set up by an admin might use a Microsoft login or some other type of provider (LDAP) login. (Refer to Assigning Active Directory Server Information or Entering NTLM Configuration Entries for more information.) Generally, these are users in a trusted domain to whom you grant access and not managed through Stellent Content Server. Their password is owned by the MS NETWORK domain or other type of provider.
Login is Defined By - Participation in an external user database,
Trusted domain/Microsoft
LDAP
Other database
Access is Determined By - Credentials from a trusted domain or other user base (LDAP)
User Login - Content Server must be running for login.
User password - Users cannot change their passwords.
Interface Issues - User names do not display in the Check-In lists. However, users can participate in workflows.
Recommended For - Integration with external user base. For example:
Trusted domain/Microsoft login
LDAP
Other user database
|
Note: Currently, consulting services are required to help you interact with providers like LDAP. |