ELIAS access rights

ELIAS access rights assign users to a container and an ELIAS role, which in turn controls the individual rights within the container. To cover multiple combinations, define as many ELIAS access rights as you need.

The figure below shows the Access rights dialog after access rights for AD users and groups have been defined:

1 Users / User groups originating from Active Directory or Keycloak
2 ELIAS AD group as access right with global access (created by installation routine)
3 AD group as basis for ELIAS access right (defined by global administrator)
4 AD user as basis for ELIAS access right (defined by global administrator)
5 Container that users are allowed to access

The global administrator is allowed to access all containers

6 Defines the allowed functions, see ELIAS role concept
7 Delete access right

Note: The access right is deleted without confirmation.

Defining access rights

  1. Prepare the relevant users in your Active Directory or Keycloak system. For further information, see Access management via AD andAccess management via Keycloak .

  2. Log on as Gobal admin. To do so, you can use the user account of the local administrator (Local logon).1

  3. On the ELIAS menu bar, click Access rights.

  4. At the bottom right, click Add. For your new ELIAS access right, specify the properties.
    The figure shows the dfinition of an access right for an AD group.

    1 Origin of the user accounts

    Keycloak role: All members of the Keycloak role to be specified under (2)
    AD username: AD username to be specified under (2)
    AD group: All members of the AD group to be specified under (2)
    AD domain: All members of the AD domain to be specified under (2)

    2 Name of the Keycloak role, AD user, AD group or AD domain
    3 AD domain – only for AD users and AD groups
    4 ELIAS role that will be assigned to the users selected above
    5 Container the selected users are allowed to access
    6 Global access for the selected user(s)

    No assignment to a role or a container is made.

    Users who receive global access via their ELIAS access right are authorized for rights management, container administration and ELIAS configuration.

  5. Save the ELIAS access right.

  6. Create further access rights, if required.

 

Once ELIAS access rights have been defined, they cannot be edited. Delete and recreate an access right if required.