Defining security groups

Security groups define specific authority levels for the actions that can be done in the user interface for each type of object. When a member of a group logs in to Ricoh ProcessDirector, the only actions that are available in the user interface are the ones that the group is authorized to do. You can also select what properties of each object can be viewed or set by members of a security group.

Ricoh ProcessDirector provides several predefined security groups: Administrator, Supervisor, Operator, and Monitor. You can create your own security groups by copying one of those security groups and adding or removing actions that the group has permission to do and properties that the group has permission to change.

Users can be members of more than one security group. If you belong to more than one group, the system automatically gives you the authority of the highest level group that you belong to. For example, you are a member of both the Operator and Supervisor groups. When you log in, the system gives you Supervisor authority, so you can do actions that a member of the Operator group cannot.

If a user is a member of multiple security groups with different permissions, the user has any permission authorized by any of the groups.

If you have LDAP authentication activated, you must map Ricoh ProcessDirector security groups to existing LDAP groups. Ricoh ProcessDirector checks the LDAP groups for a user the first time the user logs in and assigns the user to Ricoh ProcessDirector groups based on the product to LDAP group mapping. See the examples in the table below.

Product to LDAP group mapping

Product group LDAP group
Administrator Network Administrators
Administrator First-shift Administrators
Administrator Second-shift Administrators
Supervisor First-shift Supervisors
Supervisor Second-shift Supervisors
Supervisor Third-shift Supervisors
Operator First-shift Operators
Operator Second-shift Operators
Operator Third-shift Operators
Monitor Sales
Monitor Preflight

Ricoh ProcessDirector uses the name of the LDAP group in the Group search filter property when it authenticates an LDAP user to Ricoh ProcessDirector.

If you do not synchronize product groups with LDAP groups, Ricoh ProcessDirector does not check the LDAP groups for a user after the first log in. You can add users to groups manually in Ricoh ProcessDirector.

If you synchronize product groups with LDAP groups, Ricoh ProcessDirector checks the LDAP groups for a user at each log in and updates the product group memberships for the user based on the product to LDAP group mapping. Ricoh ProcessDirector groups are inactive unless they are mapped to LDAP groups. You make changes to the security group memberships for a user in LDAP.

 
Copyright © 2006, 2018