Configuring security system settings

Security system settings control the way users log into IEE. IEE supports Itron Authentication and Windows Authentication for user accounts. When using Windows Authentication, the user is authenticated against the Active Directory, and the IEE sign-in prompt does not display.

  1. Go to System Administration > System Admin > System Settings.

  2. From the Section dropdown menu, select General.

  3. Configure the following parameters:

    • Allow Authentication Type Change

      Determines whether to allow IEE to override the default authentication type when adding new users or updating existing users. Select True to enable. Select False to disable.

    • Allow Custom Reports to Use Default DB Credentials

      Determines whether the Custom Report template uses the default IEE database credentials when the credentials are not specified on the template.

      When set to True, anytime the User Name and Password fields on the Custom Report task parameters are not populated, the custom report template uses the default IEE database credentials. The default database credentials are the credentials that the IEE rich client and the application servers use to connect to the IEE database. If you select False, then the credentials must be specified on the custom report template.

      There is a security implication in setting this value to True because IEE automatically uses the default DB credentials. You can control access to the system settings by granting access only to administrators, who should only change this setting when warranted by your business process. Similarly, when setting the value to False, the user has to enter the DB credentials on the report template. This may introduce security implications by requiring users to possess knowledge of the DB user/password. On SQL Server deployments, this setting is only relevant when not using Windows integrated database authentication.

    • Allow Only Database Procedures in Custom SQL Adapter

      Determines whether the Custom SQL Adapter allows you to specify only database procedures in the command text. Select True to instruct the adapter to analyze the command text when a task runs. If the text contains anything other than a database procedure call, the task fails. Select False to allow any text, including potentially damaging commands. Commands to modify data, such as update, delete, truncate, and insert, pose a security risk.

      The Custom SQL adapter is a powerful tool for extending IEE. This setting controls whether anyone configuring the task can execute data modifying commands.

      For maximum security set this value to True. Any proposed SQL command can be reviewed by your DBA, approved, and converted into a database procedure.

    • Background Re-Authentication lnterval

      Defines the number of minutes to wait before IEE polls either the IEE database or the Active Directory for re-authenticating users. Use this setting to check whether users were removed, disabled, or unauthenticated while they are still using the application. The value you enter determines the frequency of re-authentication.

    • Data Level Security Enabled

      Determines whether to enable Configuration Data Level Security. Select True to enable. Select False to disable.

    • Default Authentication Type

      Defines the authentication type to use for authenticating a user (ItronIdentity) when they log on. Select Itron or Windows (active directory). Verify that the user is assigned accordingly.

    • Enable Advanced Security

      Determines whether to enable administrative users, using the web client, to associate user roles with groups. To associate roles with user groups, from the Manage Users window click Save&Next. A second Manager Users window appears where you can associate each role with one or more user groups.

      The Advanced Security setting provides a way to create role-group associations and to control the access to different entities (associated with groups) in different functions(associated with roles).

      Exceptions to the rule need to be managed by creating a new role that is not associated with groups, by default.

      Important! Changing the value from False to True proceeds without warnings. However, changing the value from True to False generates a warning if you have links set up. IEE does not allow you to save the change until you remove these links.

  4. Click Save.