Authorization is the process of ensuring that you have access only to the proper resources. In the Console, authorization is provided in two ways:
Regardless of your connection method or user account, authorization is managed and controlled under the security context selected for the Scribe Event Manager service. This context is used as all Integration Processes are run here. You can use the System account or a privileged user account.
If you create or select an account with restricted privileges, you mitigate security risks. Also, the credentials of this account are never sent across the wire.
The actions allowed on a resource depend on the resource itself:
| Resource | Actions | Control |
|---|---|---|
| Scribe Processes | Add, Edit, Pause, Resume, and Delete Processes. | Unlimited |
| Start, Terminate, and Monitor running jobs. | Unlimited | |
| Configure email error reporting settings. | Unlimited | |
| Adjust system sleep periods. | Unlimited | |
| View Execution Logs. | Unlimited | |
| File System | Browse, Rename, Move, and Delete files. | Restricted to folders from a user-defined list and their subfolders |
| Browse, Rename, Move, and Delete folders. | You can apply further restrictions on a per folder basis using NT security | |
| ODBC Data Sources | Restricted by the database login (user name and password are sent encrypted over the wire) | |
| System Services | Browse, Start, Stop, Pause, and Resume Services. | Restricted to Services from a user-defined list |
| MSMQ Message Queues | View, Move, Copy, and Delete Messages. | Restricted to Queues from a user-defined list |
See also