System information
FCD 901 48
Issue R2A, 07.2009
XMP1 Release 5.5 System Description
Configuration
Page 6-30 Proprietary Information Aastra
Impersonation
If „ImpersonateClients“ is set to “true”, the SoXServer tries to execute the
command die Kommandos “Delete alarms”, Acknowledge alarms” and
“Delete performance data” with the user account of the client user. But then
there are some limitations.
Under Windows2003 the user account of the SOX Server needs the
authorization to change his Identity.
If either SOX Client and SOX Server is on the same PC or SOX Server and
Database Server are on the same PC, then there are no problems with the
Impersonation.
If SOX Client, SOX Server and Database Server are on different PCs, then
stronger security rules become effective. All PCs must be part of an Active
Directory. For authentification the Kerberos protokoll must be used. The
tokenImpersonationLevel
Using the "tokenImpersonationLevel" attribute, the
SOX Client
can authorize the
SOX Server to execute actions under the
SOX Client User Account. Possible and relevant values for SOX
applications are "Identification" and "Impersonation".
If "ImpersonateClients" has been set to "true" in the
SOX Server
configuration file, the
SOX Client should set the
"tokenImpersonationLevel" attribute to "Impersonation".
Otherwise, the
SOX Server will reject certain commands leading
to changes in the Database.