VM:Webgateway Web Server
Select where you want to go:

System Administrator Tasks - Advanced
Serving Files Using Alias Names
Serving Files from Logical Directories
On a Minidisk
On an SFS Directory
On a BFS Directory
When Using CMS Search Order
Serving CGI Programs
Dynamically Including Information in Files
Creating Clickable Images
Filtering Static Files
Summary of Setting Up Access Control
Determining How to Control Access
Authenticating Web Browser Users
Determining Group Membership
Setting Up Access Control for the Server Root Domain
Setting Up Access Control for All User Pages
Analyzing Your Server Log

Determining Group Membership

Summary of Steps | Steps in Detail

Summary of Steps

  1. Place a REALM (if required) and a PASSWORD access control record in a DIRMAP or ACCESS file to specify how you want VM:Webgateway to authenticate a web browser user.
  2. Place a GROUP access control record in the same DIRMAP or ACCESS file to specify how you want VM:Webgateway to determine group membership for a web browser user.
  3. Place one or more of the following access control records in a DIRMAP or ACCESS file to cause VM:Webgateway to determine to which groups a web browser user belongs:

Steps in Detail

  1. Place a REALM (if required) and a PASSWORD access control record in a DIRMAP or ACCESS file to specify how you want VM:Webgateway to authenticate a web browser user.

    VM:Webgateway must authenticate a web browser user before it can determine group membership. For more information, refer to Authenticating Web Browser Users in the side bar.

  2. Place a GROUP access control record in the same DIRMAP or ACCESS file to specify how you want VM:Webgateway to determine group membership for a web browser user.

    VM:Webgateway can determine group membership using one of the following:

    ACI groups
    Specify VMDIR on the GROUP record. You cannot use ACI groups if you use client certificates to authenticate users.

    Site-maintained file
    Specify the name and location of a file that contains userids and the groups to which the userids belong. A site can set up more than one group file. However, you can use only one group file for each request for data.

    If you use client certificates to authenticate browser users, and you want to control access to data using group membership, include a USERID parameter on the PASSWORD record to identify the client certificate field to use for the userid (for example, CCERTEMAIL for the e-mail address).

    Site-written user exit
    Identify the name of the user exit on the GROUP record. A site can set up more than one group user exit. However, you can use only one group user exit for each request.

    VM:Webgateway allows only one method for determining group membership for each request to serve data. If VM:Webgateway evaluates a GROUP record in a DIRMAP or ACCESS file, and then encounters a subsequent GROUP record that specifies a different method for determining group membership, it will issue an error.

  3. Type one or more of the following access control records in a DIRMAP or ACCESS file to cause VM:Webgateway to determine to which groups a web browser user belongs:
    • WHEN GROUP
    • WHEN USEREXIT with a GROUPS parameter
Top
Select where you want to go:
Copyright © 1998, Sterling Software, Inc.