Step | Action | Done? |
1. | Identify service security requirements. Services are implicitly blocked from access by anyone other than Administrators and Developers. Determine what level of access is required, whether limited to one group of users, all authenticated users, or even unauthenticated users, and apply the appropriate ACL to the service. | |
2. | Create user IDs and groups or configure an external directory. If you have secure services, identify users and/or client applications that are authorized to access those services and create groups that contain the authorized members. If your site uses an external directory (LDAP or central user management), you can configure the server to access the user and group information from the external directory. For instructions for creating user IDs, see Adding User Accounts. For instruction for creating groups, see Adding Groups. For instructions for using an external directory, see Configuring a Central User Directory or
LDAP. | |
3. | Create ACLs. Create the ACLs needed to meet your services' security requirements and assign the groups you have created to these ACLs. For instructions, see Creating ACLs. | |
4. | Identify backup administrators. Select one or two users who can act as a backup administrator when the primary administrator is unavailable. Use the Users and Groups screen to add these users to the “Administrators” group. For instructions on how to grant a user administrator privileges, see Adding an Administrator User. |