Permission objects are organized by the Permissions system into a hierarchical tree like structure to allow for the concept of permission inheritance. WinGate modules and components form branches in the tree by registering a permission object. When they have multiple permission objects, they can create a container (referred to as a parent) to hold all the different permission objects they will register.
In the case where a module has a distinct subset of features, it can also create parent containers for each feature inside the module parent container. This allows for the segregating of permissions depending on the sections and features of each module.
The Permissions panel, located in the Control Panel of the WinGate Management console, displays the permissions tree for easy management and configuration of permission objects.
In the permissions tree example shown above, the Data module registers a parent container as a branch in the tree. This is the parent container for all the permission objects that are registered by the Data module. This allows you to set permissions at this level that can be inherited, and affect the access to all children under this branch (i.e. Dashboard, Monitoring, and User Data).
The Dashboards parent container is created to control access to the Dashboard (a feature of the Data module). Its purpose is to hold all the dashboard permission objects that represent each current dashboard that has been created.
As mentioned, this branching also allows you to set permissions on a parent container which will apply to all children in its branch. When configuring a child permission object, these inherited permissions from the parent can be easily switched off depending on your requirements.
The Permissions system registers the All Objects parent container to hold all of the permission objects that are registered with the Permissions system. WinGate grants the default access permission of Full control on this parent permissions container for the creator/owner user. In the case of the All Objects parent container, the creator/owner is automatically set to the Administrators group when WinGate is using either the WinGate user database or the Windows Users and Groups connector. When using the Active Directory connector, this will be the Domain Administrators group.
Since inheritance of permissions is propagated to all children permission objects by default, this allows WinGate to set default permissions on both parents and children in the tree in a cascaded manner. This is designed so that administrators can log into the WinGate Management console, and have full access and control to all modules and features straight after the installation.
Read more about ownership of permission objects
Setting permissions in the All Objects container can have serious implications to the way permissions are applied throughout the permissions tree, and should only be configured with extreme caution.
Parent containers play an important role in determining whether inherited permissions from upper level parents in the permissions tree, will be allowed to propagate through them, to children in their container. This propagated inheritance is on by default, but can be switched off in the permissions configuration for the appropriate parent container.
Alternatively in the parents permissions configuration, you can manually configure explicit permissions that will be set for all children in that parent container. These explicit permissions will be always be applied to the children regardless of whether propagated inheritance from upper level parents is set on the parent container.
Read more about parent container permissions
Child permission objects allow you to configure specific permissions that will be applied to a particular feature or dialog of the WinGate component that registered it. Child permission objects will, by default, inherit any permissions that have been set for them by their immediate parents or propagated from upper level parent containers.
Any permissions that have been set through inheritance on child permission objects can be cleared in the particular permission objects configuration, allowing you to manually configure specific permissions for that child permission object as required.
You can use basic Full-Text Searches against the page title and body to find matching articles. Use the following search modifiers to refine your query: