OpenEye Web Services (OWS) uses User Groups to manage permissions and access to devices, making user management easier and more secure. The latest update to OWS improves the logic for managing user group permissions to better support operational and security needs. OWS now offers more granular control of user management permissions, adhering to the cybersecurity "Principle of Least Privilege" and reducing the likelihood of users making unwanted changes to an account.
Managing built-in user groups
OpenEye Web Services offers several built-in, default user groups with predefined permissions. Users can be given access to view, add and remove other users from the built-in user groups.
Editing the External Allow List
User groups can be configured to allow or restrict access to remote clients by IP Address range. Users can be given access to edit the External IP Address settings under the Remote Client Permissions page, to restrict access or change the approved IP Addresses.
Restricted view for assigning recorder groups
When assigning permissions for access to recorders, users can only see and provide access to recorder groups that they themselves have access to. This makes it faster and easier for users to find the correct devices when configuring user groups and reduces the risk of users gaining access to systems that they shouldn't. Read more about configuring remote access to improve security.
View complete permissions list
The Web Services Permissions page displays the full list of user permissions, grouped by category. Users can only assign permissions that they themselves have access to, but the restricted permissions are visible and greyed out. This provides increased awareness of platform capabilities and makes it easier to troubleshoot.
These updates to User Management in OWS strengthen the permissions structure while also providing flexibility to align user groups and permissions to operations. With more granular control and designated permissions, users cannot extend permissions beyond their own permission structure and are less likely to make unwanted changes, improving system security and offering peace of mind to system administrators.
If a user doesn't have permissions that they had previously, confirm that they belong to the appropriate user groups or add them to the group and then add the necessary permissions to the user group. Users may no longer see all User Groups if they don't have those management permissions.
FAQ: How to Add Users and User Groups