RCM101D User Manual
The Permission Attribute Value (for RADIUS and LDAP)
The attribute value for permission is made up of two parts: 1) the IP address of
the RCM101D a user will access; and 2) a string that indicates the access rights
the user has on the RCM101D at that IP address. For example:
192.168.0.80&c,w,j;192.168.0.188&v,l
The makeup of the permission entry is as follows:
An ampersand (&) connects the RCM101D's IP with the access rights
string.
The access rights string is made up of various combinations of the
following characters: c w j p l v s. The characters can be entered in upper
or lower case. See Permitted String Characters table below.
The characters in the access rights string are separated by a comma (,).
There are no spaces before or after the comma.
If a user has access rights to more than one RCM101D, each permission
segment is separated by a semicolon (;). There are no spaces before or
after the semicolon.
Use the following keyword for Radius and LDAP setting: su/[username]
– the username must be a real user account that exists in the system.
LDAP should use RCM101D-userProfile, or can waive this. The login
name must exist in the local account.
Permission String Characters
Character
C
Grants the user administrator privileges, allowing the user to configure
the system.
W
Allows the user to access the system via the Windows Client program.
J
Allows the user to access the system via the Java applet.
L
Allows the user to access log information via the user's browser.
V
Limits the user's access to only viewing the video display.
M
Allows the user to use the Virtual Media function – Read / Write
Note: Authentication refers to determining the authenticity of the person
logging in; authorization refers to assigning permission to use the
device's various functions.
42
Meaning