The Permissions system allows for the concept of ownership on all permission objects registered by WinGate modules and components. Whenever a WinGate component creates and registers permission objects with the Permissions system, the default ownership of each permission object is assigned to the Administrators group, regardless of the user database being used by WinGate.
In the case where a user has permission to Create children in a parent container, then the ownership of the newly created child permissions object will be automatically assigned to the user or group who created it. For example, if a user has the permission to Create children (new policies) in the Policy module parent container, whenever they create a new policy, they are set as the owner of the associated policy permission object that is registered with the Permissions system.
The Permissions system provides two aliased users, the Creator Owner, and Creator Group, that you can select and configure permissions for when editing a permission object. The Creator Owner and the Creator Group users will represent the user or group that is the currently configured as the owner of that particular permissions object. This allows you to set permissions for the current owner of the particular permission object, rather then on a specific user or group.
The Permissions system uses the concept of ownership on permission objects to set the default permissions from the top of the permissions tree after installation.
In the All Objects container at the top of the tree, the Permissions system will set Allow on all permissions for Creator Owner user. Since it is the top level, these permissions for the Creator Owner are applied to all child permission objects in the All Objects container. Since inheritance is enabled by default, these permissions for the creator owner will propagate to all parents and children all the way down the tree.
After installation, the creator owner for the All Objects container is set to the Administrators group if WinGate has been set to use either the WinGate user database or the Windows Users and Groups connector. Similarly, if WinGate has been set to use the Active Directory connector, this will be the domain administrators group. This has been designed so that the creator owner (in this case members of the administrators or domain administrators groups) is able to log into the WinGate Management console and have full access and control to all the features provided throughout WinGate by default.
Each permission object can be manually assigned an owner from any user, or group in the user database WinGate has been configured to use.
When the owner is changed on a permission object that has permissions assigned to the Creator Owner(or Creator Group) then these permissions will be applied to the user or group that has become the new owner.
You can use basic Full-Text Searches against the page title and body to find matching articles. Use the following search modifiers to refine your query:
