Overview of the authorization manager, Overview of the authorization manager -3 – Grass Valley Xmedia Server Vertigo Suite v.5.0 User Manual

XMS Configuration Guide

20-3

User rights management

Overview of the Authorization Manager

User rights management for Vertigo Suite applications is provided by Microsoft’s
Authorization Manager (often referred to as AzMan). The Authorization Manager allows for
a role-based management system, which grants or restricts user access by mapping the
user’s login profiles to roles that are inspired by job functions.

Before using the Authorization Manager, system administrators must create and configure
a Policy Store repository. The Policy Store contains the AzMan-related configuration and
Vertigo Suite access restrictions. It is manipulated via a Microsoft Management Console
snap-in. Through the snap-in’s user interface, access to various components of the Vertigo
Suite can be restricted (figure

20-1

). For more information on Microsoft’s AzMan, please

refer to http://technet.microsoft.com/en-us/library/cc732077.aspx.

Figure 20-1. AzMan’s MMC snap-in user interface used to manipulate the Policy Store

Prior to configuring the Policy Store, the type and location of the repository must be
determined. The repository can be housed in two types of containers, as demonstrated in
figure

20-2

; an XML

FILE

or a node in an A

CTIVE

D

IRECTORY

installation of Windows 2003

functional level domain (see

“Configuring the Policy Store in Active Directory” on page 20-8

and

“Configuring the Policy Store in an XML file” on page 20-22

for more information).

Figure 20-2. The Policy Store can be stored in Active Directory (left) or an XML file (right)

Policy Store