Support User Manuals

Raritan Engineering DOMINION KXII Switch User Manual

Open as PDF

of 182

24 DOMINION KX II USER GUIDE

Users, Groups, and Access Permissions

Overview

The Dominion KX II stores an internal list of all user and group names to determine access

authorization and permissions. This information is stored internally in an encrypted format. There

are several forms of authentication and this one is known as “local authentication”. All users have

to be authenticated; if Dominion KX II is configured for LDAP or RADIUS, that authentication is

processed first, followed by local authentication.

Users

User names and passwords are required to gain access to the Dominion KX II unit. This

information is used to authenticate users attempting to access your KX II unit. Refer to

User

Management for more information about adding and editing users.

Groups

Every Dominion KX II unit is delivered with three default user groups; these groups cannot be

deleted:

Admin Users that are a member of this group have full administrative privileges. The

original, factory-default user is a member of this group and has the complete set

of system privileges.

Unknown This is the default group for users who are authenticated externally using LDAP

or RADIUS. If the external LDAP or RADIUS server does not identify a valid

user group, the Unknown group is used.

Individual

Group

An individual group is essentially a “group” of one. That is, the specific user is

in its own group, not affiliated with other real groups. Individual groups can be

identified by the “@” in the Group Name.

In addition to the system-supplied default groups, you can create groups and specify the

appropriate permissions to suit your needs. Refer to

User Management for more information

about creating and editing user groups.

Relationship between Users and Groups

Users belong to a group and groups have privileges. Organizing the various users of your

Dominion KX II into groups saves time by allowing you to manage permissions for all users in a

group at once, instead of managing permissions on a user-by-user basis.

You may also choose not to associate specific users with groups. In this case, you can classify the

user as “Individual.”

Upon successful authentication, the device uses Group information to determine the user’s

permissions – which server ports are accessible, whether rebooting the unit is allowed, and other

features.

previous next