Defining security groups
RICOH ProcessDirector provides several predefined security groups: Administrator, Supervisor, Operator, and Monitor. You can create your own security groups by copying one of those security groups and adding or removing actions that the group has permission to do and properties that the group has permission to change.
Users can be members of more than one security group. If you belong to more than one group, the system automatically gives you the authority of the highest level group that you belong to. For example, you are a member of both the Operator and Supervisor groups. When you log in, the system gives you Supervisor authority, so you can do actions that a member of the Operator group cannot.
If a user is a member of multiple security groups with different permissions, the user has any permission authorized by any of the groups.
If you have LDAP authentication activated, you must map RICOH ProcessDirector security groups to existing LDAP groups. RICOH ProcessDirector checks the LDAP groups for a user the first time the user logs in and assigns the user to RICOH ProcessDirector groups based on the product to LDAP group mapping. See the examples in the table below.
Product to LDAP group mapping
Product group | LDAP group |
---|---|
Administrator | Network Administrators |
Administrator | First-shift Administrators |
Administrator | Second-shift Administrators |
Supervisor | First-shift Supervisors |
Supervisor | Second-shift Supervisors |
Supervisor | Third-shift Supervisors |
Operator | First-shift Operators |
Operator | Second-shift Operators |
Operator | Third-shift Operators |
Monitor | Sales |
Monitor | Preflight |
- Note:
- RICOH ProcessDirector uses the name of the LDAP group in the Group search filter property when it authenticates an LDAP user to RICOH ProcessDirector.
If you do not synchronize product groups with LDAP groups, RICOH ProcessDirector does not check the LDAP groups for a user after the first log in. You can add users to groups manually in RICOH ProcessDirector.
If you synchronize product groups with LDAP groups, RICOH ProcessDirector checks the LDAP groups for a user at each log in and updates the product group memberships for the user based on the product to LDAP group mapping. RICOH ProcessDirector groups are inactive unless they are mapped to LDAP groups. You make changes to the security group memberships for a user in LDAP.