Difference between revisions of "Maintenance"

Latest revision as of 18:15, 9 August 2023

Maintenance

In this menu, You can manage accounts that can access the imRAD management interface. It also has audit logs that are a sequence of activities.

Accounts

The Maintenance Accounts are divided into two types. The first type is "Administrator" which is a privileged user. The second type is "Operator" which is a non-privileged user which means only having READ privilege.

You can create an account by clicking the "Create New Account" button at the top right of the list.

Item	Required	Description
Accounts Type	Yes	Choose one type.
Login ID	Yes	The multibyte or Non-ASCII characters(e.g, Korean, Japanese) are not allowed and the maximum length is 64 characters.
Login authentication Type	Yes	The imRAD supports three login authentication methods that are Local: The credentials are validated from the local imRAD Database. RADIUS: The credentials are validated via a remote RADIUS server. LDAP: The credentials are validated via an LDAP server. Note that you must define an Authentication Entity before creating an account that is validating via either the RADIUS or LDAP.
Temporary Password	Yes	Temporary Password means that the password of an account is short random text. If a user logs in with an account whose password is Temporary, The user must change its password before login. If not, he can't log in. You may create an account for a new user to enable to change its password before login.
Email	No	Email address of a user.
Description	No	Description of a user.

Temporary Password

As described in the above table, Temporary Password makes it possible to change its password before login. When a user tries to log in with an account that was set a Temporary Password, the system moves a page in which a user can change its password.

All saved passwords in the local imRAD Database are not decrypted as plaintext because all passwords are encrypted by secured cryptographic hash functions (CHF).^[1] Although a user wants to know his/her password because a user forgot it, you can't provide the password as plaintext. Instead, you can generate the Temporary Password for an account.

The Temporary Password is only available for accounts whose authentication type is "LOCAL". If you set The Temporary Password to an account, a user MUST change the password within 3 days. If not, the account will be locked.

Lock/Unlock

The account may change to a locked state and a user can't log in with the account. There are three types of "LOCK" states.

'auto-lock: If a login failure exceeds the specified number of login failures, we automatically lock the account for specified minutes. In this case, we change the locked state to "auto-lock". The "auto-lock" will be unlocked after elapsing the specified minutes. The specified number of login failures and minutes are defined in the "Managemnet> Settings > Security".
dormant-lock: It indicates that the account was not logged in for the specified number of days that are defined in the "Managemnet> Settings > Accounts".
lock: it indicates that an administrator locks the account.

Note that an administrator can unlock all locked accounts from the details of an account by clicking the icon() in front of each row on the list.

Audit Log

An audit log(also called audit trail) is a record of events and changes, typically regarding a sequence of activities or a specific activity^[2].

Activities of all the managers(administrator and operator) users and internal events of the system are recorded as audit logs. All users can search and see all audit logs but not change or delete them.
You can see the details of each log by clicking the icon() in front of each row on the list.

Settings

Accounts

This setting contains the values to lock the account that were not logged in for a long time. If a manager does not log in while the specified days, the status of the account is changed to "dormant-lock".

The locked accounts are not allowed to log in before unlocking them.

Security

This setting defines the authentication and session policies to have you securely access the management interface.

Password Policy

Minimum Length: The minimum length of a password.
Mix of Characters: If you want a strong password, select all items.
Password Aging: It makes possible to have users forcibly change his/her password periodically.

Maintenance account Session

If you want to allow multiple sessions of the same account from different hosts or browsers, switch on the "Allow Multiple Sessions".

Even if multiple sessions are not allowed, duplicate logins through multiple browsers on a single computer are permitted.

You can also configure the session timeout and the Lockout is used to prevent a brute-force attack^[3] by locking an account for a while when a user failed its login several times.

Note that the dashboard page is not affected by the Session Termination. In other words, Even if the dashboard page is open for a long time without any interaction, the session never expires.

References

↑ Cryptographic hash function
↑ https://en.wikipedia.org/wiki/Audit_trail
↑ https://en.wikipedia.org/wiki/Brute-force_attack

[1] Cryptographic hash function

[2] ttps://en.wikipedia.org/wiki/Audit_trail

[3] ttps://en.wikipedia.org/wiki/Brute-force_attack

[1]

[2]

[3]

@@ Line 1: / Line 1: @@
 __FORCETOC__
 === Maintenance ===
-You can manage all accounts that can log in to the imRAD management. It also has audit logs that are a sequence of activities.
+In this menu, You can manage accounts that can access the imRAD management interface. It also has audit logs that are a sequence of activities.
 ==== Accounts ====
-The Maintenance Accounts are divided into two types which are either "Administrator" or "Operator".
+The Maintenance Accounts are divided into two types.
-The Administrator is a super-user or privileged user and the Operator is a non-privileged user which means only have READ privilege.
+The first type is "Administrator" which is a privileged user. The second type is "Operator" which is a non-privileged user which means only having READ privilege.
-You can create an account by clicking the "Create New Account" button at the top right on the list.
+You can create an account by clicking the "Create New Account" button at the top right of the list.
 {| class="wikitable"
@@ Line 16: / Line 16: @@
 | Login ID || Yes || The multibyte or Non-ASCII characters(e.g, Korean, Japanese) are not allowed and the maximum length is 64 characters.
 |-
-| Login authentication Type || Yes || The imRAD supports three authentication types that are
+| Login authentication Type || Yes || The imRAD supports three login authentication methods that are
 * Local: The credentials are validated from the local imRAD Database.
 * RADIUS: The credentials are validated via a remote RADIUS server.
 * LDAP: The credentials are validated via an LDAP server.
-Note that you must define an Authentication Entity before creating an account that is validating via either the RADIUS or LDAP, The below explains how to create an Authentication Entity.
+{{note|Note that you must define an Authentication Entity before creating an account that is validating via either the RADIUS or LDAP.}}
 |-
 | Temporary Password || Yes|| Temporary Password means that the password of an account is short random text. If a user logs in with an account whose password is Temporary, The user must change its password before login. If not, he can't log in.<br>
@@ Line 41: / Line 41: @@
 ===== Lock/Unlock =====
-The account may change to a locked state and a user can't log in with the account. There are three types of "LOCK" state.
+The account may change to a locked state and a user can't log in with the account. There are three types of "LOCK" states.
-*  auto-lock: If a login failure exceeds the specified number of login failures, we automatically lock the account for specified minutes. In this case, we change the locked state to "auto-lock". The "auto-lock" will be unlocked after elapsing the specified minutes. The specified numbers of login failures and minutes are defined in the "Maintenance > Settings > Security". please refer to the below section.
+*  '''auto-lock'': If a login failure exceeds the specified number of login failures, we automatically lock the account for specified minutes. In this case, we change the locked state to "auto-lock". The "auto-lock" will be unlocked after elapsing the specified minutes. The specified number of login failures and minutes are defined in the "Managemnet> Settings > Security".
-* dormant-lock: It indicates that the account was not log in for the specified number of days that are defined in the "Maintenance > Settings >  Accounts".
+* '''dormant-lock''': It indicates that the account was not logged in for the specified number of days that are defined in the "Managemnet> Settings >  Accounts".
-* lock: it indicates that a user locks the account.
+* '''lock''': it indicates that an administrator locks the account.
-Note that you can unlock all locked accounts from the details of an account by clicking the icon([[File:popup.png|23x]]) in front of each row on the list.
+{{note|Note that an administrator can unlock all locked accounts from the details of an account by clicking the icon([[File:popup.png|23x]]) in front of each row on the list.}}
+==== Audit Log ====
+An audit log(also called audit trail) is a record of events and changes, typically regarding a sequence of activities or a specific activity<ref>https://en.wikipedia.org/wiki/Audit_trail</ref>.
+Activities of all the managers(administrator and operator) users and internal events of the system are recorded as audit logs. All users can search and see all audit logs but not change or delete them.<br>
+You can see the details of each log by clicking the icon([[File:popup.png|23x]]) in front of each row on the list.
+==== Settings ====
+===== Accounts =====
+This setting contains the values to lock the account that were not logged in for a long time. If a manager does not log in while the specified days, the status of the account is changed to "dormant-lock".
-==== Audit Log ====
+The locked accounts are not allowed to log in before unlocking them.
-관리자, 운영자 또는 시스템 내부에서 처리된 로그를 확인 할 수 있습니다.  운영로그의 상세를 확인하려면 [[File:popup.png|25px]]를 클릭하여 상세 로그 정보를 확인 할 수 있습니다.
-* 발생시간: 로그가 기록된 시간을 의미합니다.
+===== Security =====
-* 아이템: 로그가 발생된 위치를 의미합니다.
+This setting defines the authentication and session policies to have you securely access the management interface.
-* 이벤트: 로그 종류를 의미합니다.
+====== Password Policy ======
-* 처리결과: 로그 처리결과를 의미합니다.
+* Minimum Length: The minimum length of a password.
-* Tag: 로그를 발생 시킨주체를 의미하며 SYS-XXX와 같이 표시되는 경우는 시스템 내부에서 발생된 로그입니다.
+* Mix of Characters: If you want a strong password, select all items.
-* 반복: 동일 로그가 연속해 반복 발생되면 그 회수가 증가합니다.
+* Password Aging: It makes possible to have users forcibly change his/her password periodically.
+====== Maintenance account Session ======
+If you want to allow multiple sessions of the same account from different hosts or browsers, switch on the "Allow Multiple Sessions".
+{{note|Even if multiple sessions are not allowed, duplicate logins through multiple browsers on a single computer are permitted.}}
+You can also configure the '''session timeout''' and the '''Lockout''' is used to prevent a brute-force attack<ref>https://en.wikipedia.org/wiki/Brute-force_attack</ref> by locking an account for a while when a user failed its login several times.
+{{note|Note that the '''dashboard''' page is not affected by the Session Termination.
+In other words, Even if the dashboard page is open for a long time without any interaction, the session never expires.}}
-==== 설정 ====
+=== References ===
-유지관리> 설정 메뉴에서 계정 휴면 및 인증 객체를 설정 할 수 있습니다.<br>
-'''계정 관리'''<br>
-운영 계정은 장시간 로그인 하지 않을 경우 자동으로 잠금 상태로 전환됩니다. 이러한 기간을 이 메뉴에서 설정할 수 있습니다.
-<br>
-'''인증객체'''<br>
-운영 계정의 3rd party 인증을 위한 객체를 생성 할 수 있습니다. 인증 유형은 RADIUS나 LDAP(또는 Windows Active Directory)으로 정의할 수 있습니다. <br>
-외부 RADIUS를 통해 인증을 하려면 RADIUS 인증 서버에 imRAD IP 주소를 등록해야 합니다.