Zend Server User Guide > Concepts > User Management

User Management

The Zend Server for IBMi User Management system allows you to control and manage Zend Server users and includes two complementary components: Authentication and Authorization. Users accessing Zend Server are required to authenticate by supplying a set of credentials, according to which they are awarded pre-defined user-specific permissions. Administrators can thus be assured that their production environment is properly controlled and accessed.

Authentication

The Authentication component determines whether an entity actually is what it purports to be (i.e., identification), based on a set of credentials. Zend Server supports two methods of authentication: Simple and Extended.

Simple Authentication

By default, Zend Server for IBMi will authenticate users using the internal user definitions as defined when Zend Server for IBMi is launched for the first time. This authentication method requires a username and a password.

Extended Authentication

Zend Server supports the LDAP (Lightweight Directory Access Protocol) authentication service, allowing users to authenticate with a remote LDAP server. This feature also allows administrators to assign an LDAP user group to a particular Zend Server user role (i.e., Administrator, Developer, DeveloperLimited), thus granting all members of this group the associated user permissions. In addition, administrators can assign LDAP user groups to specific applications managed by Zend Server.

Authorization

The Authorization component decides whether to allow an entity access to, or to perform, specific actions. In Zend Server, these entities are defined as user roles: Administrator and Developer (default). These user roles define the level of access to the various Zend Server for IBMi features. As a rule, a user defined as an 'administrator' has full functionality access, where as a user defined as a 'developer' has read-access permissions only. For example, PHP extension directives can be configured by an administrator, yet only viewed by a user with developer permissions.

When using Extended Authentication a third user role is added - 'developerLimited', awarding an LDAP user group developer permissions for a specified application.

Note:

For a full list of user permissions, see User Permissions.

Advanced - Customized Authentication

Zend Server also allows you to authenticate users with a customized authentication system using a Custom Authentication Adapter. See Working with Authentication and Passwords for more information.

 

Read Also

 

Working with Authentication and Passwords

   
  User Permissions    
  Users