The Zend Server for IBMi User Management system allows you to control and manage Zend Server users and includes two complementary components: Authentication and Authorization. Users accessing Zend Server are required to authenticate by supplying a set of credentials, according to which they are awarded pre-defined user-specific permissions. Administrators can thus be assured that their production environment is properly controlled and accessed.
The Authentication component determines whether an entity actually is what it purports to be (i.e., identification), based on a set of credentials. Zend Server supports two methods of authentication: Simple and Extended.
By default, Zend Server for IBMi will authenticate users using the internal user definitions as defined when Zend Server for IBMi is launched for the first time. This authentication method requires a username and a password.
Zend Server supports the LDAP (Lightweight Directory Access Protocol) authentication service, allowing users to authenticate with a remote LDAP server. This feature also allows administrators to assign an LDAP user group to a particular Zend Server user role (i.e., Administrator, Developer, DeveloperLimited), thus granting all members of this group the associated user permissions. In addition, administrators can assign LDAP user groups to specific applications managed by Zend Server.
The Authorization component decides whether to allow an entity access to, or to perform, specific actions. In Zend Server, these entities are defined as user roles: Administrator and Developer (default). These user roles define the level of access to the various Zend Server for IBMi features. As a rule, a user defined as an 'administrator' has full functionality access, where as a user defined as a 'developer' has read-access permissions only. For example, PHP extension directives can be configured by an administrator, yet only viewed by a user with developer permissions.
When using Extended Authentication a third user role is added - 'developerLimited', awarding an LDAP user group developer permissions for a specified application.
Note:
For a full list of user permissions, see User Permissions.
Zend Server also allows you to authenticate users with a customized authentication system using a Custom Authentication Adapter. See Working with Authentication and Passwords for more information.