Access Control Examples

Here are some typical access control configurations that might be used in different settings:

Allow connections from anywhere (no authentication)

  1. From the Server Settings window, click a server (Remote Server, Web Server, or Telnet Server). A list of firewall entries appears in the right pane.
  2. Add a firewall definition and set it to "Allow *.*.*.*."
  3. From the Users panel, create a Guest account with an Automatic Login address of "*.*.*.*".

    Note 1:
    This is a very open setting. Be sure that you actually intend to allow anyone to connect. This configuration might be reasonable if InterMapper were running behind a firewall, and thus not visible outside your organization.

    Note 2: The IP wildcard example above works with 32-bit IPv4 address. InterMapper now supports 128-bit IPv6 addresses. Wildcard characters are not currently supported for IPv6 addresses.

Allow connections from anywhere, but with authentication

  1. Define your user names and passwords as described in Users and Groups.
  2. From the Server Settings window, click Remote Server. A list of firewall entries appears in the right pane.
  3. Add a firewall definition and set it to "Allow *.*.*.*."

    Anyone that connects is required to provide a username/password.

Allow web connections to see all maps

  1. Define a group named FullWebAccess.
  2. Add users to that group.

    The users in the group can view all web pages, and can acknowledge down devices.

Allow people from known addresses to connect without entering a password

This is called an automatic-login user.

  1. Create a new user with the desired name.
  2. Leave the Password box empty.
  3. Enter the desired IP address in the Automatic Login box.

    All connections from that IP address or range are automatically connected, and are assigned the specified user name.

Allow a non-administrator user to see the log files

  1. Define a group named FullLogAccess.
  2. Add users to that group.

    The users in the group can view all the log files. 

Allow an automatic-login user name to connect from elsewhere by entering a password

Deny all connections from certain addresses or sites

You can prohibit connections from certain sites.

  1. From the Server Settings window, click Remote Server. A list of firewall entries appears in the right pane.
  2. Click Add... The Firewall Definition dialog appears.
  3. In the IP Address box, enter an IP address or IP address range.
  4. From the Access dropdown menu, choose Deny.
  5. Click OK.

    All connections from the specified IP address or range are denied.

Give a single user access to a specific map

  1. From the Users tab, create a new user.
  2. From the Maps tab, set the user's permissions for the Web and Remote servers.

    These permissions are tested only if the user fails to match the global IP address test and/or username and password