Service Virtualization

Expand all | Collapse all

Can we implement ACL so that a user can login only from one workstation instance and thus can occupy only one license per user-id?

  • 1.  Can we implement ACL so that a user can login only from one workstation instance and thus can occupy only one license per user-id?

    Posted 03-18-2016 12:51 PM

    So we are using default DevTest ACL, and as a precaution, we want to prevent users from using same ID on multiple workstation instance. We believe currently ACL doesnt work that way, once a user is provided access, he or multiple people can use same credentials from multiple instances. We are looking a way to avoid such situation, ideal solution would be once a user login to one workstation, when tried from another workstation, he/she gets error.



  • 2.  Re: Can we implement ACL so that a user can login only from one workstation instance and thus can occupy only one license per user-id?

    Posted 03-21-2016 09:59 AM

    Hi Ch3tn, as you probably know already DevTest's ACL is role-based, and our licensing model is generally based on number of concurrent users rather than a 'named user' approach. 

    You are correct. Once a user ID is provisioned access, DevTest does not perform actions that 'bind' a given user ID to a Workstation IP address.  The audit logs provide some reporting about the actions performed by the User ID and logins are seen in the Enterprise Dashboard -- if that helps any. 

     

    Would connecting DevTest to your AD or LDAP datasource address part of your problem?  DevTest can enable AD/LDAP authentication.  DevTest continues to provide authorization.  This technique does not bind a User ID / login to a Workstation OOTB.  It does however, provide some control since users should not be sharing their User credentials with each other.

     

    Can you explain more as to why binding a given User to a given Workstation is important vs. provisioning each User with their own unique login credentials?

     

    I have not attempted this... You might write your own java class that implements the com.ca.dts.security.authentication.AuthenticationProviderFactory interface and then use the authentication-providers.xml in LISA_HOME to implement a custom authentication provider.  You should check the Admin Guide for information about usage of the _authentication-providers.xml and _ldap-mappings.xml files.  You may find that there are unwanted side effects of doing this.