Access Management
This section contains information on how to set up access restrictions to the Designer and the Server.
- Restrictions to the Designer affect the creation or modification of destinations, sources and extractions
- Restrictions to the Server affect the execution of extractions
There are two types of users and user groups, access can be restricted to:
- Windows AD users (Kerberos authentication)
- Custom users (Basic authentication)
Authentication Between Designer and Server
The connection between the Designer and the Server can be established using different authentication and encryption methods. The authentication method guarantees the verification of the identity of the logged in user.
The following combinations of transport encryption and authentication are available:
Note
To use Kerberos transport encryption or authenticate an Active Directory (AD) user, a Kerberos Target Principal Name (TPN) is required. TPN can either be a User Principal Name (UPN) or a Service Principal Name (SPN). For more information on TPN, see Knowledge Base Article: Target Principal Field (TPN).
| Authentication Method | Description | TPN required |
|---|---|---|
| Windows credentials (current user) | The AD user, who runs the Designer authenticates themselves towards the Server via Kerberos. All data exchanged between Designer & Server is encrypted using Kerberos. |  |
| Windows credentials (different users) | The AD user, whose user name and password are entered in the login window, authenticates themselves to the XU server via Kerberos. All data exchanged between Designer & Server is encrypted using Kerberos. | |
| Custom credentials (TLS encryption) | The custom user, whose user name and password are entered in the login window, authenticates themselves to the Server. All data exchanged between Designer & Server is encrypted via TLS. To use TLS transport encryption, an X.509 server certificate is required for the Service (can be stored in the server settings. In the login window, the DNS hostname of the server for which the certificate is issued needs to be entered into the Server field. |  |
| Custom credentials (Kerberos encryption) | The custom user, whose user name and password are entered in the login window, authenticates themselves to the Server. All data exchanged between Designer & Server is encrypted using Kerberos. | |
| Anonymous (no encryption) | There is no authentication. The data exchanged between Designer & Server is transferred in plain text without transport encryption. | |
Activate / Deactivate Authentication
Follow the steps below to activate or deactivate authentication methods:
- Open Server > Settings from the main window of the Designer.
- In the tab Configuration Server, activate or deactivate your authentication methods.
- Click [OK] to confirm your input. If prompted, restart the server.
When starting the Designer, only the activated authentication methods are available for the server connection.