Authorizations in the steadyPRINT Center

(Last update of this topic: 05-22-2015)

Navigation:  Centralized Administration >

Authorizations in the steadyPRINT Center

(Last update of this topic: 05-22-2015)

Previous pageReturn to chapter overviewNext page

The steadyPRINT Center has its own permission system on the basis of roles handling the authentication as well as authorizations to access functions and objects.


Individual roles can be defined and domain accounts added via file > settings > Center roles in the steadyPRINT Center (see figure steadyPRINT Center - overview of roles).

At first, a newly created role has no permissions - these must be granted in a dedicated mode. The mandatory and predefined role sysadmin, however, has full access to all objects and settings in the steadyPRINT Center. When initially creating the sysadmin role, automatically adds the group Builtin\Administrators as well as the user who starts the steadyPRINT Center for the first time. An adjustment of authorized administrators, however, can be done subsequently.


sp_center_078Figure 21: steadyPRINT - Figure 22: steadyPRINT Center - overview of roles


Role Properties

In the properties of a Center role, access permissions for the stored accounts (users, groups and computers) are granted within the steadyPRINT Center. The permissions themselves are divided into different areas and assigned to certain levels. (see figure steadyPRINT Center - roles).



Figure 23: steadyPRINT - roles



There are 3 levels available for granting permissions to access functions and objects:

Grant: Grants full access to the function and/or object.
Read only: Grants reading access to the object.
Deny: Denies the access to the function and/or object.



Hiding particular print servers, printers and folders in the tree


By assigning the permission Deny to the administration of print servers and printers, you can hide them for desired accounts. Print servers, printers or folders are thus not displayed in the steadyPRINT Center (see Linking roles to objects.


Linking roles to objects

In the steadyPRINT Center, permissions are granted to print servers, printers as well as folders by linking the available roles.



Figure 24: steadyPRINT - linking the roles


The figure steadyPRINT Center - linking the roles shows the granting of a permission on folder level below the print server bps. Thus, the role Access Admin DE gets access to the folder Deutschland as well as all other objects (printers and folders) below.



Linking the role sysadmin


The mandatory and predefined role sysadmin is neither visible nor can it be deselected.



By marking the check box Inherit permissions from figure steadyPRINT Center - linking the roles, roles are inherited from the object lying above. An inheritance takes place until it is canceled again by linked roles on an object lying below.

Authentication and Authorization

The steadyPRINT Center authenticates a user on the basis of the roles and the included accounts. If the authentication against the available roles fails, the steadyPRINT Center enables a login with an alternative user or the termination. (see figure steadyPRINT Center - authentification failed).



Authentication by group affiliation


The steadyPRINT Center authenticates the user due to his/her group affiliation. In doing so, an evaluation of nested groups takes place.



Figure 25: steadyPRINT - authentication failed


In order to authorize the access to a function or an object, the steadyPRINT Center verifies all available roles assigned to the user. Finally, the highest permissions level (high = Grant, low = Deny) will be used for the authorization process. The following figure steadyPRINT Center - authorization shows an example for an unauthorized access to functions and objects.



Figure 26: steadyPRINT - authorization