to filter off some of the user's groups if those groups are not allowed at that
location.
Also remember that groups can have Whens associated with them, so a user being
a member of that group does not guarantee that those rights are always granted to
that user.
If the system is using Built-in authentication, then the password field is used for
authentication when a user logs in. However, if the system is using LDAP,
Kerberos, or RADIUS authentication, then the password field is unavailable. The
authentication procedure is explained in the Rights Management chapter.
In order for the rights to be allocated, you must meet the who, when, and where
criteria:
• Who is the authentication via the built-in, Kerberos, LDAP, or RADIUS services.
• When is the time filter for the group; later we'll see that the location can also be
filtered by When.
• Where is the location with which the client associates.
Now, let's take a look at how this really works.
C.4
Example 1, Rights Debugger
The Rights Debugger is a useful tool for the administrator to figure out how rights
are allocated to a client based on who, when and where.
Step 1.
Click Debug.
The Rights Debugger screen appears, as shown in
C-12
Figure C-7. Rights Debugger
Figure
C-7.
Rights Tutorial