Once authenticated, the user’s authorization level can be determined in the following ways.
In the simplest case, the user's authorization level, either Operator or Administrator, is taken directly from the SP's Active Directory configuration. Access and authorization levels are dictated by the defaultRole property. Users in the Active Directory database need only a password; group membership is not considered. On the SP, defaultRole is set to either administrator or operator. All users authenticated through Active Directory are then assigned the privileges of the Administrator or Operator user based solely on this setting.
A more integrated approach is also available by querying the server. For this approach, the SP Administrative Group Tables and Operator Group Tables must be configured with the corresponding group names from the Active Directory server that will be used to determine access levels. Up to five Active Directory groups can be entered to designate an Administrator, and another five can be used to assign Operator privileges. The user's group membership identifies the proper access level, either Administrator or Operator, by looking up each group name in the Active Directory tables configured on the SP. If none of the user's groups appears in either of the SP group tables, access is denied.
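The two authorization paths described above can be modeled as follows to check which role a given configuration yields for each user; this is an added example, not code from the SP or its vendor. The function names, the sample users and groups, the case-insensitive name comparison, and checking the Administrator table first are assumptions of the example.

```python
# Added illustration of the role decision; not SP firmware code.
from typing import Dict, Iterable, List, Optional, Set

MAX_GROUPS_PER_TABLE = 5  # the page allows up to five groups per table
VALID_ROLES = ("administrator", "operator")


def _norm(names: Iterable[str]) -> Set[str]:
    # Assumption: group names compare case-insensitively, ignoring padding.
    return {n.strip().lower() for n in names if n.strip()}


def resolve_role(user_groups: Iterable[str],
                 default_role: Optional[str] = None,
                 admin_table: Iterable[str] = (),
                 operator_table: Iterable[str] = ()) -> Optional[str]:
    """Return 'administrator', 'operator', or None (access denied)."""
    # Simplest case: every AD-authenticated user receives defaultRole and
    # group membership is never consulted.
    if default_role is not None:
        if default_role not in VALID_ROLES:
            raise ValueError("defaultRole must be administrator or operator")
        return default_role
    admins, operators = list(admin_table), list(operator_table)
    if max(len(admins), len(operators)) > MAX_GROUPS_PER_TABLE:
        raise ValueError("at most five groups per table")
    member_of = _norm(user_groups)
    # Assumption: the Administrator table wins when a user matches both.
    if member_of & _norm(admins):
        return "administrator"
    if member_of & _norm(operators):
        return "operator"
    return None  # no group matched either table: access denied


def audit(users: Dict[str, List[str]], **config) -> Dict[str, Optional[str]]:
    """Map each sample user to the role the given configuration yields."""
    return {name: resolve_role(groups, **config)
            for name, groups in users.items()}


# Constructed sample directory: user -> Active Directory group names.
SAMPLE_USERS = {
    "alice": ["SP-Admins", "Staff"],
    "bob": ["SP-Operators"],
    "carol": ["Staff"],  # belongs to no group listed on the SP
    "dave": ["sp-admins", "SP-Operators"],
}
```

Running `audit` over the same users with `default_role="administrator"` and then with the two group tables shows the difference in exposure: the first grants Administrator to every account that can authenticate, while the second denies any account outside the listed groups.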