Master Controller Security Administrator
MCSA is responsible for NTMC security administration, including definition of user
groups and user accounts. Once security databases are defined, security policies
are enforced in real time by all NTMC components. The sections below summarize
the program's most important activities.
Definition of User Groups
Each user group is a collection of rules, or privileges, granted to its members.
The rules are specified for each class of NTMC objects, such as remote units,
loads, capacitor banks, etc. The rules define the activities permitted when group
members are dealing with such system objects. For example, in the case shown
below, members of the group Irrigators are allowed to view and operate load
management loads, but they are not allowed to do anything else with them.

Definition of User Accounts
To access NTMC, each user needs to have an account. Every account defines the
following user attributes:
- Username and password - used by the security system to authenticate the
account owner
- Group membership - used by the security system for authorization purposes
- First Name and Last Name - used by the system to create audit trails
For example, in the case shown below, the account identified by username JSmith
belongs to a person named John Smith who belongs to the group Operators.

Once a user is logged on, all user activities are recorded in event log files by
all NTMC components. As usual, all events are time stamped and categorized. In
addition, all events manually triggered by a user also record the username, user
first name, and user last name. Log-On events additionally identify the user's
host (computer) network id, or the internet when Log-On is via the internet.
NTMC Object Ownership
Object ownership provides even tighter control over access to NTMC resources via
the internet. When a particular NTMC object is owned by a user, and that object
is tagged so that it can be accessed by owners only (Owner Access Only, or OAO in
the figure above), only that user can access the owned object. In the example
above, John Smith owns the load called Irrigator9. Since Irrigator9 is tagged
with Owner Access Only, only John Smith is able to access that load, even though
other members of the group Irrigators have the privilege to view NTMC objects of
class Load.
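
The access decision described above (group rules per object class, overridden by the Owner Access Only tag), together with the identity fields recorded for user-triggered events, can be modelled as follows. This is an added example, not NTMC code: the data layout, function names, the Operators rule set, the ADoe account and the Irrigator3 load are assumptions, as is the choice that an owner still needs the group privilege.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed sample data modelled on the page's examples. The Operators rules,
# the ADoe account and Irrigator3 are assumptions, not values from NTMC.
GROUP_RULES = {
    "Irrigators": {"Load": {"view", "operate"}},
    "Operators": {"Load": {"view", "operate"}, "RemoteUnit": {"view"}},
}

@dataclass(frozen=True)
class Account:
    username: str
    first_name: str
    last_name: str
    group: str

@dataclass(frozen=True)
class NtmcObject:
    name: str
    obj_class: str
    owner: Optional[str] = None      # username of the owner, if any
    owner_access_only: bool = False  # the OAO tag

def is_allowed(acct, obj, action):
    """Return (decision, reason) for one access request."""
    # OAO first: a tagged object is closed to everyone but its owner,
    # whatever the group rules grant.
    if obj.owner_access_only and obj.owner != acct.username:
        return False, "owner-access-only"
    # Assumption: the owner still needs the privilege from the group rules.
    allowed = GROUP_RULES.get(acct.group, {}).get(obj.obj_class, set())
    if action not in allowed:
        return False, "no-group-privilege"  # default deny
    return True, "group-privilege"

def audit_record(acct, obj, action, ts):
    """Event with the identity fields the page lists for user-triggered events."""
    ok, reason = is_allowed(acct, obj, action)
    return {"time": ts, "username": acct.username,
            "first_name": acct.first_name, "last_name": acct.last_name,
            "object": obj.name, "action": action, "allowed": ok, "reason": reason}

JSMITH = Account("JSmith", "John", "Smith", "Operators")
ADOE = Account("ADoe", "Alex", "Doe", "Irrigators")
IRRIGATOR9 = NtmcObject("Irrigator9", "Load", owner="JSmith", owner_access_only=True)
IRRIGATOR3 = NtmcObject("Irrigator3", "Load")
```

Recording the denial reason alongside the username and name fields lets a reviewer tell an ownership denial from a missing group privilege when reading the event log.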
Usage
MCSA is a security database editor. Once the database is defined, MCSA can be
terminated. The security manager, integrated into all NTMC server components,
reads the database and enforces security policies in real time, throughout the
system. MCSA needs to be run only when one is modifying the security database.