The Tick42 User Manager provides a simple means of controlling access and defining what a user is allowed to do on a service.
User Manager in the Tick42 architecture
A simple command-line tool and a query language, UMQL, allow changes to be made to the User Manager database.
The User Manager performs user name/password checks and operates a policy on failed attempts.
The User Manager operates a policy on password lifetime.
The User Manager can reject access to a specific application.
The User Manager can warn of impending password expiry.
Access to applications or specific functionality within an application is attributed to users or groups of users. These entitlements are stored securely in a database.
User authentication can be performed either against the database (useful for development and testing) or delegated to a company-wide LDAP or Active Directory service.
So why would you want it?
To add a consistent, cross-platform user access control to your systems which is easy to set up and easy to monitor. Applications can define which functional elements are under control - these may range from entire applications through whether a user is allowed to see some form down to individual elements on a form - whether a user is allowed to change the state of a check box.
LDAP (or Active Directory) can provide this, but it is usually a tightly controlled resource under a restrictive change control policy. By using the Tick42 User Manager, developers can develop and test systems without bothering the network management teams, while production deployments can still easily be switched to use the company-wide LDAP server.
When LDAP is used, it only controls user name/password checks, while the group and service allocation data are managed in a local database.
How it works:
A server is installed holding sets of permissions for each application. The permissions are assigned to groups of users and each user can be in multiple groups.
The user name/password verification can either be performed against entries in the local permissions database or deferred to the company LDAP or Active Directory service.
A simple API is provided for client applications to make authentication requests and an audit log of all activity is maintained.
User entitlements are managed via a scripting language, UMQL.
User Manager and the Tick42 architecture