Client Security

The Client Security tool in AEM is used to configure the User Authentication and Appeon Workspace securities.

Figure 128. Client Security

Client Security

User Authentication

User Authentication is a tool to configure the security of the PowerServer deployed applications. All the deployed applications are listed in the tool and are configured individually.

Figure 129. Application Security

Application Security

Viewing the current settings

1) View the current application security settings for all applications available in the User Authentication page.

  • Application Name -- Lists the names of all the deployed applications. The names are automatically registered with AEM when an application is deployed by PowerServer Toolkit to the PowerServer.

  • Configured Groups -- The number of groups with access rights to the PowerServer Web application or the PowerServer mobile application.

    To view the names of the groups, click the link at the application name. To view details of the groups, go to the Group Management page.

  • User Authentication -- Shows the security mode for the user authentication. This is only effective when the Security Toggle is on in System Security.

    "Security on" explicates that the user will be prompted to enter the user name and password when accessing the selected application, while "Security off" requires no user name and password for the application access. You can click the link of an application name listed in the User Authentication table and switch the security mode in the page that displays subsequently.

2) View the details of the current application security settings for a single application, by clicking an application. The detailed security settings for the selected application are displayed.

Figure 130. Detailed security settings for an application

Detailed security settings for an application

As the following table shows, different application security settings determine different security behaviors in a PowerServer application.

Table 30. Application security settings and security behaviors in a PowerServer application

User Authentication

A Given Group

Security behaviors in a PowerServer application

Off

Assigned

All users can access to a PowerServer application without being prompted for a user name or password.

Unassigned

On

Assigned

Users of an assigned group have access rights to a PowerServer application and they are prompted for user names and passwords when loading a PowerServer application.

For offline applications, you are only prompted for user names and passwords when connecting to the database.

Unassigned

Users of an unassigned group do not have access rights to the PowerServer application.


Modifying the security settings of an application

The user can enter the security-setting page of the application by clicking an application name link on the User Authentication page.

With the LDAP security type selected, the security-setting page automatically loads the latest user and group information from the specified LDAP server. If changes are made to users and groups at the LDAP server, you can use the Refresh button (on the Web browser toolbar) to include the latest update to the page.

With the Appeon security type selected, the security-setting page loads user and group information from AEM Group Management and User Management.

In this page, you are able to:

  1. Skip the system login window when loading the application

    Set the user authentication to Security Off in the Application Security group box. By default, the "Security Off" option is selected. This assumes that all users can access an application without user authentication.

  2. Display the system login window before loading the application

    Set the user authentication to Security On by selecting the Security On radio button.

  3. Display a custom login window before loading the application

    Set the user authentication to Security Off in the Application Security group box; keep the System Security setting as On and set the Security Type setting to LDAP Security in the System Settings tool; write codes in the PowerBuilder program to call "appeonldaplogon" function to display a custom login window for LDAP security login. For details, refer to the section called “AppeonLDAPLogon function” in Workarounds & APIs Guide.

  4. Assign a group to the application

    Select a group from the Unassigned Groups list. Click the forward button (>>>) to shift the group to the Assigned Groups list.

    By default, all the groups are listed in the Unassigned Groups list. The groups are read from the PowerServer (if the security type is Appeon security) or the LDAP server (if the security type is LDAP security) in use.

  5. Unassign a group from the application

    Select a group from the Assigned Groups list. Click the back button ("<<<") to shift the group to the Unassigned Groups list.

    Click the Save button to apply changes.

Appeon Workspace

Figure 131. Appeon Workspace application security

Appeon Workspace application security

Introduction to Appeon Workspace

Appeon Workspace is a free native mobile application which can only be distributed internally or privately. As its name suggests, it is a workspace provided by Appeon to simplify distributing, running and managing the PowerServer native mobile applications. In Appeon Workspace, you can download and run the PowerServer native mobile applications conveniently, and can configure a number of settings for the application, such as log, title bar, etc. For detailed information on Appeon Workspace, please refer to the Appeon Workspace User Guide.

Since Appeon Workspace can install the native mobile application from PowerServer, you may want different applications on the same PowerServer to be installed by different mobile devices, for example, you may probably want application A to be installed by the mobile device from company A only, and application B by the device from company B only, etc. In such cases, you can take advantage of the Appeon Workspace security tools in AEM to control each application's access rights. You can follow these procedures to configure the tools:

  1. Adding an Appeon Workspace client: see Adding an Appeon Workspace client for details.

  2. Adding an Appeon Workspace group and assigning the client to the group: see Adding an Appeon Workspace group for details.

  3. Enabling the Appeon Workspace security and assigning the app accessibility rights to the group: see Setting Appeon Workspace security and Assigning access permissions for details.

Setting Appeon Workspace Security

Appeon Workspace security settings for each application are configured individually.

Step 1: Click on an application name, and the Appeon Workspace page appears.

Figure 132. Configuring Appeon Workspace

Configuring Appeon Workspace

Step 2: Select the Security Off radio button to set the security off, or select the Security On radio button to set the security on. This is only effective when the Security Toggle is on in System Security.

If the security is set to On, only assigned users have rights to access the application.

Assigning access permissions

To assign access right of an application to a specific user group, click on the application. In the Appeon Workspace Permissions table, move the group you intend to assign access right to in the Unassigned Group list box to the Assigned Group list box.

If you want to deprive access right from a specific group, just move it from the Assigned Group list box to the Unassigned Group list box.

Note: For offline applications that start up offline (the startup mode is Offline), if the Setting Appeon Workspace security option is set to Security On, and if the application runs on an unassigned device, all operations that need to access the PowerServer are forbidden.