 |  LoginProducts  SalesSupportDownloadsAbout |
| Home » Technical Support » Elevate Web Builder Technical Support » Product Manuals » Elevate Web Builder 3 Manual » Using the Web Server » Web Server Security |
Web Server SecurityThe web server uses a role-based access control (RBAC) architecture:
There are three main functional components to this architecture:
Privileges are used to secure access to various server objects like databases, dataset commands, server applications, and native server modules. Each of these server objects can be assigned a privilege that determines whether the object is accessible to the user.
If a server object is not assigned a privilege, then it is assumed to be globally accessible to any user. Also, server applications have access to all databases and datasets, regardless of the authenticated user that is making the request to the server application. This makes it very important to monitor and audit who is designated as being able to install/uninstall server applications in the web server.
Privileges can also provide access control within server applications. Server applications can check to see if the user executing a server application request has been granted a given role or privilege using one of the following methods of the incoming web server request instance:
HasRole
HasPrivilege
Please see the Server Applications topic for more information on how to access the properties and methods of incoming web server requests in server applications.
The web server is automatically configured with a set of pre-defined privileges, roles, and users that are primarily used for securing administrative access to the web server. They provide fine-grained control over what administrative functionality is granted to any given role.
Privileges
The following is the list of pre-defined privileges in the web server, separated by functional group:
Privilege Management
Role Management
User Management
Database Management
Native Server Module Management
Server Application Management
Server Status
Deployment and Folder/File Management
Roles
The following is the list of pre-defined roles in the web server and their assigned privileges:
Users
The following is the list of pre-defined users in the web server and their assigned roles:
Default Authentication Information
The pre-defined Administrator user uses the following password (case-sensitive):
You should not deploy instances of the web server into production without first ensuring that such instances have been properly configured so that the default Administrator password has been changed. For both the 32-bit and 64-bit web server services, but not the console version of the web server included for development purposes, the web server will log a warning into the system log if the default password is still set for the pre-defined Administrator user. Please see the Web Server Logging topic for more information.
The pre-defined Anonymous user does not have a password.
There are three main functional components to this architecture:
- Privileges
- Roles
- Users
Privileges are used to secure access to various server objects like databases, dataset commands, server applications, and native server modules. Each of these server objects can be assigned a privilege that determines whether the object is accessible to the user.
If a server object is not assigned a privilege, then it is assumed to be globally accessible to any user. Also, server applications have access to all databases and datasets, regardless of the authenticated user that is making the request to the server application. This makes it very important to monitor and audit who is designated as being able to install/uninstall server applications in the web server.Privileges can also provide access control within server applications. Server applications can check to see if the user executing a server application request has been granted a given role or privilege using one of the following methods of the incoming web server request instance:
HasRole
HasPrivilege
Please see the Server Applications topic for more information on how to access the properties and methods of incoming web server requests in server applications.
The web server is automatically configured with a set of pre-defined privileges, roles, and users that are primarily used for securing administrative access to the web server. They provide fine-grained control over what administrative functionality is granted to any given role.
Privileges
The following is the list of pre-defined privileges in the web server, separated by functional group:
Privilege Management
| Privilege | Description |
| AddPrivilege | Allows the user to add new privileges. |
| UpdatePrivilege | Allows the user to update existing privileges. |
| RemovePrivilege | Allows the user to remove existing privileges. |
| GetPrivileges | Allows the user to enumerate all privileges. |
Role Management
| Privilege | Description |
| AddRole | Allows the user to add new roles. |
| UpdateRole | Allows the user to update existing roles. |
| RemoveRole | Allows the user to remove existing roles. |
| UpdateRoleActiveStatus | Allows the user to update the active status of existing roles. |
| UpdateRolePrivileges | Allows the user to update the assigned privileges of existing roles. |
| GetRolePrivileges | Allows the user to enumerate the assigned privileges of existing roles. |
| GetRoles | Allows the user to enumerate all roles. |
User Management
| Privilege | Description |
| AddUser | Allows the user to add new users. |
| UpdateUser | Allows the user to update existing users. |
| RemoveUser | Allows the user to remove existing users. |
| UpdateUserActiveStatus | Allows the user to update the active status of existing users. |
| UpdateUserLockStatus | Allows the user to update the lock status of existing users. |
| UpdateUserPassword | Allows the user to update the password of existing users. |
| UpdateUserRoles | Allows the user to update the assigned roles of existing users. |
| GetUserRoles | Allows the user to enumerate the assigned roles of existing users. |
| GetUsers | Allows the user to enumerate all users. |
Database Management
| Privilege | Description |
| TestDatabase | Allows the user to test database connections. |
| AddDatabase | Allows the user to add new databases. |
| UpdateDatabase | Allows the user to update existing databases. |
| RenameDatabase | Allows the user to rename existing databases. |
| RemoveDatabase | Allows the user to remove existing databases. |
| GetDatabasePrivileges | Allows the user to get the assigned privileges for an existing database. |
| SetDatabasePrivileges | Allows the user to set the assigned privileges for an existing database. |
| GetDatabaseTables | Allows the user to enumerate all base tables in an existing database. |
| GetDatabases | Allows the user to enumerate all databases. |
| AddDataSet | Allows the user to add new datasets to an existing database. |
| UpdateDataSet | Allows the user to update existing datasets in an existing database. |
| RenameDataSet | Allows the user to rename existing datasets in an existing database. |
| RemoveDataSet | Allows the user to remove existing datasets in an existing database. |
| AddDataSetCommand | Allows the user to add new commands to an existing dataset. |
| UpdateDataSetCommand | Allows the user to update existing commands in an existing dataset. |
| RenameDataSetCommand | Allows the user to rename existing commands in an existing dataset. |
| RemoveDataSetCommand | Allows the user to remove existing commands in an existing dataset. |
| GetDataSetCommandPrivileges | Allows the user to get the assigned privileges for an existing command. |
| SetDataSetCommandPrivileges | Allows the user to set the assigned privileges for an existing command. |
| GenerateDataSetCommands | Allows the user to generate the commands for an existing dataset. |
Native Server Module Management
| Privilege | Description |
| InstallModule | Allows the user to install a native server module. |
| RenameModule | Allows the user to rename an existing installed native server module. |
| UninstallModule | Allows the user to uninstall an existing installed native server module. |
| GetModulePrivileges | Allows the user to get the assigned privileges for an existing installed native server module. |
| SetModulePrivileges | Allows the user to set the assigned privileges for an existing installed native server module. |
| GetModules | Allows the user to enumerate all installed native server modules. |
Server Application Management
| Privilege | Description |
| InstallApplication | Allows the user to install a server application. |
| RenameApplication | Allows the user to renaming an existing installed server application. |
| UninstallApplication | Allows the user to uninstall an existing installed server application. |
| GetApplicationPrivileges | Allows the user to get the assigned privileges for an existing installed server application. |
| SetApplicationPrivileges | Allows the user to set the assigned privileges for an existing installed server application. |
| GetApplications | Allows the user to enumerate all installed server applications. |
| DebugApplication | Allows the user to debug an existing installed server application. |
Server Status
| Privilege | Description |
| GetServerStatus | Allows the user to retrieve various server statistics. |
Deployment and Folder/File Management
| Privilege | Description |
| UploadFiles | Allows the user to upload files to the web server. |
| DownloadFiles | Allows the user to download files from the web server as a .zip file. |
| RenameFile | Allows the user to rename existing files on the web server. |
| RemoveFile | Allows the user to remove existing files on the web server. |
| CreateFolder | Allows the user to create new folders on the web server. |
| RenameFolder | Allows the user to rename existing folders on the web server. |
| RemoveFolder | Allows the user to remove existing folders on the web server. |
| GetFiles | Allows the user to enumerate all files in an existing folder. |
Roles
The following is the list of pre-defined roles in the web server and their assigned privileges:
| Role | Default Assigned Privileges |
| Administrators | All of the pre-defined privileges |
| Public | None |
Users
The following is the list of pre-defined users in the web server and their assigned roles:
| User | Default Assigned Roles |
| Administrator | Administrators |
| Anonymous | Public |
Default Authentication Information
The pre-defined Administrator user uses the following password (case-sensitive):
EWBDefault
You should not deploy instances of the web server into production without first ensuring that such instances have been properly configured so that the default Administrator password has been changed. For both the 32-bit and 64-bit web server services, but not the console version of the web server included for development purposes, the web server will log a warning into the system log if the default password is still set for the pre-defined Administrator user. Please see the Web Server Logging topic for more information.The pre-defined Anonymous user does not have a password.
More Support Options
This web page was last updated on Thursday, November 16, 2023 at 10:39 AM | Privacy PolicySite Map © 2024 Elevate Software, Inc. All Rights Reserved Questions or comments ?  E-mail us at info@elevatesoft.com |
