Functional security is a new feature introduced in SiteAudit version 6.2. This document describes the functional security features and links to additional articles that explain the features in more detail and show how to implement SiteAudit functional security in your environment.
Functional Security Overview
Functional security is a feature designed to control access to various SiteAudit functions. Control is maintained by assigning users to roles, much like a Windows administrator assigns users to roles to permit or deny capabilities on a Windows machine. SiteAudit roles are defined and maintained within the SQL Server database used by SiteAudit.
Using functional security is not required. In fact, many users may not use this feature, especially where only a few individuals access and use SiteAudit. Functional security is ideal when multiple users want to access the SiteAudit application or database for different reasons. For example, a user may want access to data to run reports or schedule monthly billing statements but should not be permitted to change discovery criteria or upgrade the database. Another user may want to monitor daily activity but should not be able to modify configuration information or start/stop the monitoring service. These scenarios are perfect examples of where functional security is beneficial.
What is Functional Security?
Functional security is a term used to describe the security model within SiteAudit. It provides a way to allow or deny users access to product features, thereby controlling what a user can do within the application.
How is Functional Security Applied?
Functional security is applied by assigning a user to a specified role. Application functionality is controlled by the role to which a user is assigned. The concept is similar to how users are assigned roles on a Windows machine.
What Roles are Available?
The SiteAudit Functional Security Roles article describes the available roles and the permissions ascribed to each role.
Can I Create My Own Role?
No. Roles are predefined and limited to those defined in SiteAudit Functional Security Roles.
Can A User Be Assigned Multiple Roles?
A user can be assigned only one role per database. When a user is assigned a role, it supersedes the role that had been assigned previously.
How Do I Assign Roles for SQL Authenticated Users?
There are two ways to assign roles for SQL authenticated users. The primary and recommended method is to use the SiteAudit Viewer. This technique is described in the Assigning Roles for SQL Authenticated Users article. It is also possible to assign roles via Microsoft SQL Server Management Studio, and this technique is described in the Assigning Roles for Windows Authenticated Users article.
How Do I Assign Roles for Windows Authenticated Users?
The Assigning Roles for Windows Authenticated Users article describes how to create Windows authenticated users and assign them to roles within a SiteAudit database.
What is the Difference Between SQL and Windows Authentication?
SQL Server allows users to authenticate using one of two mechanisms. This is described in the SQL Server Authentication Modes article.
Can Functional Security be Used with SiteAudit Hosted?
Yes. User and role information is stored within a SiteAudit database. Therefore, functional security can be used with any SiteAudit product, including OnSite and Hosted.
Do I have to Use Functional Security?
No. It is neither necessary nor required to use functional security. By default, there must be an administrator who manages SiteAudit, and this user has complete control of the product and functionality. Those who have used SiteAudit versions prior to version 6.2 will notice no difference in behavior after upgrading.
Who Assigns Roles?
A SQL Server or database administrator has the authority to provide user access to the SiteAudit database.
Can a User Role be Revoked?
Yes. A user role can be revoked, in which case the user can no longer access the SiteAudit database and can perform no functions within SiteAudit. SQL authenticated users can have their access revoked from the Server Administration panel in SiteAudit. See Revoke Access to the SiteAudit Database in the Assigning Roles for SQL Authenticated Users article.
Revoking role access for a Windows authenticated user requires running a script, which can be done in SQL Server Management Studio. For instructions, see Revoking Role Privileges for Windows Authenticated Users in the Assigning Roles for Windows Authenticated Users article.