4.0 FreeFlow® Print Server System Access
This section focuses on user access to the FreeFlow® Print Server platform from the local and
remote hosts. You can access the FreeFlow® Print Server GUI and Solaris® OS locally or remotely
as a registered known user when properly authenticated.
4.1 User Based Roles (RBAC)
The Solaris® OS supports Role-Based Access Control (RBAC) to assign users to pre-defined
roles to simplify administration of feature access policies. User access to the FreeFlow® Print
Server platform is achieved using the local FreeFlow® Print Server GUI, a local terminal window,
or remotely over the network, and is subject to the RBAC access control supported by the Solaris® OS.
Any local GUI, local terminal window, or remote login is associated with a FreeFlow® Print
Server user account, which is tracked by audit services. See Section 5.3 “Audit Logging” for
more information.
You can manage authorization of user functions via Role-Based Access Control (RBAC), whereby
the OS validates access based on permissions assigned to user roles. Individual users are
associated with roles via their group association. See Section 4.2 “User & Group Management”
for more information.
4.2 User & Group Management
The FreeFlow® Print Server application uses the underlying Solaris® OS user and group
database and Role-Based Access Control (RBAC) to create users and assign them to pre-defined
roles that achieve specific access levels in the FreeFlow® Print Server GUI and the underlying
OS. The Solaris® OS installs with predefined built-in system users, which are secured by access
restrictions, account locks, and an assigned login shell. You can prevent login for a user account
by assigning a non-functioning shell (e.g., null shell).
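
One way to check which accounts in the OS user database can still log in, given the account locks and non-functioning shells described above. This is an added example, not part of the guide or the product: the list of non-login shells, the `*LK*` lock marker in the shadow password field, and all sample accounts are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the guide): list accounts that can still log in.
# Assumptions: the NOLOGIN_SHELLS list, and the Solaris /etc/shadow convention
# that a password field starting with *LK* marks a locked account.
NOLOGIN_SHELLS="/bin/false /usr/bin/false /sbin/nologin /usr/sbin/nologin /dev/null"

# login_capable PASSWD SHADOW -> prints "user:uid:gid:shell" per usable account
login_capable() {
    awk -F: -v nolog="$NOLOGIN_SHELLS" -v shadow="$2" '
        BEGIN { n = split(nolog, a, " "); for (i = 1; i <= n; i++) bad[a[i]] = 1 }
        FILENAME == shadow { if ($2 ~ /^\*LK\*/) locked[$1] = 1; next }
        /^#/ || NF < 7 { next }              # skip comments and malformed lines
        {
            shell = ($7 == "") ? "(default)" : $7   # empty field: system default shell
            if (!(shell in bad) && !($1 in locked))
                printf "%s:%s:%s:%s\n", $1, $3, $4, shell
        }
    ' "$2" "$1"
}

# make_sample DIR -> writes constructed passwd/shadow files (hypothetical accounts)
make_sample() {
    cat > "$1/passwd" <<'EOF'
root:x:0:0:Super-User:/:/sbin/sh
daemon:x:1:1::/:/usr/bin/false
lp:x:71:8:Line Printer Admin:/usr/spool/lp:
operator1:x:1001:100:Print operator:/export/home/operator1:/bin/csh
olduser:x:1002:100:Former operator:/export/home/olduser:/bin/csh
svcacct:x:1003:100:Service account:/:/dev/null
EOF
    cat > "$1/shadow" <<'EOF'
root:CONSTRUCTED_HASH:15000::::::
daemon:*LK*:15000::::::
lp:*LK*:15000::::::
operator1:CONSTRUCTED_HASH:15000::::::
olduser:*LK*CONSTRUCTED_HASH:15000::::::
svcacct:CONSTRUCTED_HASH:15000::::::
EOF
}

# Demo: only root and operator1 have both a usable shell and an unlocked password.
demo_dir=$(mktemp -d)
make_sample "$demo_dir"
login_capable "$demo_dir/passwd" "$demo_dir/shadow"
rm -rf "$demo_dir"
```

On a live system the same function can be pointed at `/etc/passwd` and `/etc/shadow` (root is required to read the latter), and the output compared against the list of accounts that are expected to log in.
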
The FreeFlow® Print Server GUI application built-in users are System Administrator, Operator
and User. You can create users for the Operator role for the purpose of managing jobs from
the Job Manager UI. Any login to the FreeFlow® Print Server GUI is associated with a
FreeFlow® Print Server user account, and audit records can be captured when GUI Console
logging is enabled. A local FreeFlow® Print Server user account is composed of the username
and an associated group. Each user account is a member of one group and associated with
only one group. The group membership of a user account defines/authorizes the FreeFlow®
Print Server user for the access rights assigned to that group.
The FreeFlow® Print Server users can access the system through the local GUI, using a local
Unix terminal window, or remotely over the network using applications such as FreeFlow®
Remote Print Server, SFTP, SSH, and other secure remote applications. The FreeFlow® Remote
Print Server (FFRPS) application can be run on a Windows® or Mac client, and uses an RPC-based
connection to retrieve the FreeFlow® Print Server GUI to the client application display, providing
the ability to manage jobs and printing remotely. Login audit records are captured for terminal
window and remote network login when the Security profile is set to “High”. See Section 5.3
“Audit Logging” for more information.
A FreeFlow® Print Server GUI logon session, login session from a “local” terminal window, or
remote network login begins upon successful authentication (a.k.a., verification) of a username
and credentials (a.k.a., password). The login ends by logging off, which can be either
user-initiated or system-initiated. Once the FreeFlow® Print Server GUI, terminal window login, or
remote network login session is established, the user can interact with the system, subject to
the Authorization and Access Control Policies associated with the settings of the Current
Security profile, group association, and file/directory permissions. You can manage