Normal users are those who only have encryption, decryption, delete and search privileges—or a combination of these privileges.
Normal users are created and defined the same way as DAs. However, a site has the choice of defining their normal users in one of three locations:
The internal SAKA database—in which case all users and their privileges are local to the SAKA server and are managed using DACTool.
Microsoft's Active Directory (AD)—in which case all normal users are defined and managed in AD using Microsoft-provided tools (see Integrating Active Directory in this manual); however, all DAs are defined and managed in the internal SAKA database.
Any other Lightweight Directory Access Protocol (LDAP)-based directory server—in which case all normal users are defined and managed in the LDAP directory using the directory-provided tools (see Integrating with Another Directory Server—an open-source LDAP directory server—in Chapter 14 of this manual); however, all DAs are defined and managed within the internal SAKA database.
It is also possible to configure SAKA to use two mechanisms to authenticate and authorize cryptographic service requesters—the local database and either AD or another LDAP directory server. SAKA must be configured with both options and told which repository to look up first when verifying a requester's credential for supplying cryptographic services.
NOTE: It is not possible to configure SAKA to use AD and another LDAP directory simultaneously for verifying credentials or to use all three mechanisms to verify credentials—the internal database, AD, and another LDAP directory. |
Selecting the Users icon on the DACTool toolbar, the side-bar provides two options: to add a new user and to view existing users within the internal SAKA database. SAKA cannot show SAKA users defined in Microsoft's AD or another LDAP directory server.