2017 R1

Security Aspects and Recommendations

It is recommended to use the following user roles in access control lists to manage the access rights of portal users to the objects in the Fabasoft Folio Domain.

Portal Service User

To secure traffic between the portal server and Fabasoft Folio, a valid user certificate for one specific service user is needed. This certificate must be trusted by the Fabasoft Folio Web Services. The portal configuration in the Fabasoft Folio Domain contains a mapping between the portal server's IP address and the portal service user's certificate. The common name of this certificate is the login name of the portal service user in Fabasoft Folio. All requests from the portal server are executed in the context of the portal service user. To impersonate a portal user, the portal service user has to be a privileged user as described in chapter “Fabasoft Folio Portlet Privileged User”.

Portal User

Use this position in access control lists for the objects in Fabasoft Folio that portal users need to access.

To make sure that every automatically created user has the Portal User role, define a default position template in the Fabasoft Folio group for portal users (see chapter “Fabasoft Folio Group for Portal Users”).

Anonymous Portal User

It is highly recommended to assign the Anonymous Portal User role to the user configured for anonymous access, and to use this position in access control lists to manage access rights for anonymous access to Fabasoft Folio.

Note: All requests originating from the portal server are processed in the context of this user if the portal user is not logged in to the portal server.