The articles in this section deal with all aspects of User Security: how to enforce and control access rights for ITAS Users. This section covers:
Authentication - the process of verifying who you are
Authorisation - the process of verifying that you have access to something
Users are authenticated through a combination of a Windows account (Active Directory) and an ITAS (CMP) account. When using ITAS via a desktop, identification is provided through logging into the domain hosting ITAS, where the name is passed through and linked to a corresponding ITAS account (for this reason they must be the same account name). When accessing ITAS via the Web Portal, the user will be prompted for their username and password.
Users are authorised to access ITAS at Application and Data levels.
There are two principle groups managed through Active Directory that control the top level access rights for a user:
The AD group names are configurable and can be assigned through Trader Desktop -> System Settings -> Configure Active Directory.
Members of the ITAS Administrators AD group have access to restricted menu options in Trader Desktop - see here for the list.
ITAS (CMP) accounts are assigned a licence through AUTH; without an appropriate licence access will be prevented. *
Depending on requirements, users can be granted access to ITAS via a Desktop connection, Web (Access) Portal through a browser connection or both. Access rights are maintained through CMP.
Users can be assigned access to specific Trading Entities, with an associated privilege level. Trading Entity access rights can be maintained through CMP or User Admin.
At Trading Entity level, users can be granted access to ALL menu options (full access or read only), or selected menu options.
Privileges are primarily function-driven, and therefore are generally associated with specific menu options.
* For clients operating with a concurrent user licence, individual accounts do not need an ITAS Licence as access is managed dynamically at run-time
Admin tool for managing user account authentication
Access rights to data granted to users at Entity Framework level