Use the Authorization Realms pane to create authorization realms and user groups for the server. Groups can be imported from external systems, such as LDAP.
The available authorization realms for the server are as follows:
Uses internal role management. The default authorization realm (Internal Security) is of this type.
LDAP or Active Directory
Uses external LDAP role management.
Provides single sign-on authorization.
Creating an internal storage authorization realm
Internal storage realms do not retrieve users from any external source. Instead, you add users to internal storage authorization realms manually.
- Creating an LDAP authorization realm
An LDAP authorization realm defines how to use an external LDAP server for group authorization.
- Creating an SSO authorization realm
A single sign-on (SSO) authorization realm uses an external server for authorization.
- Creating groups manually
Groups are logical containers that are mechanisms that grant permissions to multiple users; members automatically share a group's permissions. Only authorization realms of the internal storage type can have manually created groups. Others types, such as LDAP, import groups cannot have manually created groups.
- Adding users to groups manually
Authorization realms of the internal storage type can have manually created users. Others types, such as LDAP, import user groups cannot have manually created users.
Parent topic: Managing security