CN8600 User Manual
40
The Permission Attribute Value (for RADIUS and LDAP)
The attribute value for permission is made up of two parts: 1) the IP address of
the CN8600 a user will access; and 2) a string that indicates the access rights
the user has on the CN8600 at that IP address. For example:
192.168.0.80&c,w,j;192.168.0.188&v,l
The makeup of the permission entry is as follows:
An ampersand (&) connects the CN8600’s IP with the access rights string.
The access rights string is made up of various combinations of the
following characters: c w j p l v s. The characters can be entered in upper
or lower case. See Permitted String Characters table below.
The characters in the access rights string are separated by a comma (,).
There are no spaces before or after the comma.
If a user has access rights to more than one CN8600, each permission
segment is separated by a semicolon (;). There are no spaces before or
after the semicolon.
Use the following keyword for Radius and LDAP setting: su/[username]
– the username must be a real user account that exists in the system.
LDAP should use CN8600-userProfile, or can waive this. The login name
must exist in the local account.
Permission String Characters
Character Meaning
C Grants the user administrator privileges, allowing the user to configure
the system.
W Allows the user to access the system via the Windows Client program.
J Allows the user to access the system via the Java applet.
L Allows the user to access log information via the user's browser.
V Limits the user's access to only viewing the video display.
M Allows the user to use the Virtual Media function – Read / Write
