<< Click to Display Table of Contents >> Navigation: Robo-FTP User's Guide > Robo-FTP Framework > Configuring the Framework > Group Settings and Group Permissions |
The Robo-FTP Framework is designed to give you fine-grained control over the permissions for jobs. This is done by creating and managing job groups with your desired permissions and assigning jobs to these groups. Job groups are created from the Configurator's Scheduler page, under the "Group Settings" tab:
Here you can add and remove job groups, assign permissions, and set the user account under which all jobs in the job group will run. By assigning separate user accounts to separate job groups and restricting permissions, you can more effectively limit access to resources to only those users who need it, according to the principle of least privilege.
Permissions
Job groups are protected with the same set of permissions offered by the Windows filesystem. When a given user logs in to the Framework's web-based interface, their ability to edit, run, or otherwise manage jobs of a particular group are governed by how these permissions are set for that user.
Read & Execute - The logged-in user will be able to directly run a job under this job group.
List folder contents - The logged-in user will be able to view the list of all jobs for this group.
Modify - The logged-in user will be able to edit job definitions and schedules under this job group.
Write - The logged-in user will be able to create and edit job definitions and schedules under this job group.
Additional Per-Group Framework Settings
Additional settings are available on the Framework's web-based interface which can be configured on a per-group basis. These include the duration that framework data is stored for the group before being pruned, the target email address for error notifications, and settings for the error email subject line and message body. They can be accessed by opening the Framework's "Settings" page and selecting the appropriate job group from the dropdown list:
Improving Initial Page Load Time
When logging into the Framework as an Administrator for the first time after the Robo-FTP Scheduler Service starts or restarts, the initial page load can be very slow depending on your Active Directory configuration, up to one minute in some cases. This is caused "under the hood" by the need to look up the security token associated with the Administrators group, which is not stored internally with the user token (due to UAC policy) and needs to be looked up separately. This security token is then cached, so that subsequent page loads are fast. There is a way to get around this initial slowness, but it requires some additional configuration up front. You will need to create your own non-restricted group(s) and give them "full control" permissions to each Framework job group that will be accessed through that group. Job group permissions can be configured through Configurator's "Scheduler" page, under the Group Settings tab. Lastly, for each user that logs in to the Framework, make them a member of those group(s). This avoids the need to look up the Administrator group's security token and eliminates the initial page load delay.