How the Security Server User Management Works?

How the Security Server user management works?

Security Server user management is based on roles. One user can have multiple roles and multiple users can be in the same role. Each role has a corresponding system group, created upon the installation of the system. Rights of each user group are described in a configuration file (proxy-ui/config/privileges.yml).

Security Server uses Pluggable Authentication Modules for Linux (Linux-PAM) for user authentication. Linux-PAM supports different authentication mechanisms. By default, pam_unix is used.

Linux-PAM is a suite of shared libraries that enable the local system administrator to choose how applications authenticate users. In other words, without (rewriting and) recompiling a PAM-aware application, it is possible to switch between the authentication mechanism(s) it uses.

Step-by-step guide

The official documentation regarding the Security Server user management is available at https://github.com/nordic-institute/X-Road/blob/develop/doc/Manuals/ug-ss_x-road_6_security_server_user_guide.md#2-user-management.