erdomke / InnovatorAdmin

A tool for managing Aras Innovator installations focusing on improving the import/export experience.
http://erdomke.github.io/InnovatorAdmin/
MIT License

How to restrict the use of AML Studio for certain users? #203

Closed AngelaIp closed 5 years ago

AngelaIp commented 5 years ago

Hi,

I don't want externals to use AML Studio in our environment. Is it possible to make a general restriction for certain user groups?

Thanks and best regards! Angela

rneuber1 commented 5 years ago

You can add a Method to the System Event "Successful Login". In this method you could check:

// Server-side C# method attached to the "Successful Login" system event.
Innovator inn = this.getInnovator();
// The User-Agent header may be absent (null), so guard before calling StartsWith.
string agent = System.Web.HttpContext.Current.Request.UserAgent ?? string.Empty;
string userid = inn.getUserID();
if (agent.StartsWith("InnovatorAdmin"))
{
    // Check whether this user is a member of a certain identity (e.g. InnovatorAdminUsers).
    // Assumption: the identity is named "InnovatorAdminUsers"; adjust to your setup.
    Aras.Server.Security.Identity allowed = Aras.Server.Security.Identity.GetByName("InnovatorAdminUsers");
    if (allowed == null || !Aras.Server.Security.Permissions.Current.IsMemberOf(allowed))
    {
        return inn.newError("Innovator Admin not allowed for you!");
    }
}
return this; // OK, user may use InnovatorAdmin

This should do the trick, as long as the "user_agent" string is not manipulated...

\Ralf

AngelaIp commented 5 years ago

Hi Ralf, thanks for the solution! I can confirm that this one works well. The code could also be used to track login attempts in the system event log. So we could see what kind of user agents try to connect to the system. It's not a big topic for me right now, but I am glad that I have this option.

rneuber1 commented 5 years ago

Nice to hear it works for you, but keep in mind that manipulating the user agent string is easy to do. (Remember: users of InnovatorAdmin normally are tech-savvy...). But it might keep out some script kiddies... ;-) Tracking logins (both successful and failed) is what we are using the system events for as well, it is quite helpful in certain cases.

\Ralf
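Added example (not part of this thread or of the InnovatorAdmin project): the login-tracking idea discussed above, as offline review logic over a constructed login-event log. The line format, the user names and the "InnovatorAdminUsers" allowlist are assumptions; the check mirrors the server method's "user agent starts with InnovatorAdmin" test and additionally flags InnovatorAdmin logins that succeeded for a user outside the allowlist, which is what you would look for if the user agent had been manipulated or the check had been bypassed.

```python
import re
from collections import Counter, defaultdict

# Constructed sample of a login-event log, in the shape a "Successful Login" /
# failed-login system-event method could write (format is an assumption, not Aras's).
SAMPLE_LOG = """\
2019-03-04T08:01:12Z user=angela agent="InnovatorAdmin/2.0" result=ok
2019-03-04T08:05:40Z user=extern1 agent="Mozilla/5.0 (Windows NT 10.0)" result=ok
2019-03-04T08:06:03Z user=extern1 agent="InnovatorAdmin/2.0" result=denied
2019-03-04T09:12:55Z user=ralf agent="InnovatorAdmin/2.0" result=ok
2019-03-04T09:13:10Z user=extern2 agent="InnovatorAdmin/2.0" result=denied
2019-03-04T09:13:30Z user=extern2 agent="InnovatorAdmin/2.0" result=ok
this line is garbage and must be skipped
"""

# Members of the InnovatorAdminUsers identity (constructed allowlist).
ALLOWED_USERS = {"angela", "ralf"}

LINE_RE = re.compile(
    r'^(?P<ts>\S+) user=(?P<user>\S+) agent="(?P<agent>[^"]*)" result=(?P<result>\w+)$')

def parse_log(text):
    """Parse the constructed format into dicts; malformed lines are skipped."""
    return [m.groupdict() for m in map(LINE_RE.match, text.splitlines()) if m]

def is_admin_tool(agent):
    """Same test the server method applies: the user agent starts with 'InnovatorAdmin'."""
    return agent.startswith("InnovatorAdmin")

def review_logins(text, allowed_users=ALLOWED_USERS):
    """Return (denied_per_user, unexpected_ok, agents_per_user).

    unexpected_ok lists InnovatorAdmin logins that succeeded for a user outside the
    allowlist, i.e. cases where the server-side check did not block the login.
    """
    denied, unexpected_ok, agents = Counter(), [], defaultdict(set)
    for ev in parse_log(text):
        agents[ev["user"]].add(ev["agent"])  # distinct agents per user, for review
        if not is_admin_tool(ev["agent"]):
            continue
        if ev["result"] == "denied":
            denied[ev["user"]] += 1
        elif ev["user"] not in allowed_users:
            unexpected_ok.append((ev["ts"], ev["user"]))
    return denied, unexpected_ok, dict(agents)
```

Run `review_logins(SAMPLE_LOG)` to get the per-user denial counts, the list of successes that should not have happened, and every user agent each account has used.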

AngelaIp commented 5 years ago

I agree! Nobody could stop me from creating my own little InnovatorSecretBackDoorStudio application. But right now I still know each of my Innovator users personally, so a basic access restriction is still sufficient in my case. Of course this may change in the future and it's good to be prepared. Thanks for the open answer to this question!