There are five distinct Types of Admin users in dbFront. The majority of the differences stem from how and where they are defined.
The first class of Admin users are the Server Admins. Server Admins must have Administrator access at the Server/Workstation or Active Directory level.
These are the most powerful administrators and they have the ability to administer all areas of dbFront.
Access that is unique to Server Admins:
- Install and configure dbFront,
- All Service and WebUI application settings,
- Global Authentication settings,
- Email & Notification settings,
- Logging and Debug settings,
- Server Printing settings,
- Global Template, Style and Icon files,
- Raw configuration files.
It is possible to block Server Admins from logging into dbFront but this assumes that those users won't use their credentials to change their access. For details see: Blocking Server/Domain Administrators from accessing dbFront.
Admin Group members are users that are members of the "Admin Group" set up in [Help] / [Settings] / [Authentication] tab.
Members of the "Admin Group" are able to:
- Create and Edit any database connection,
- Update any Connection Access permission,
- Administer all Applications.
MyAdmin Group members are users that are members of the "MyAdmin Group" set up in [Help] / [Settings] / [Authentication] tab.
Members of the "MyAdmin Group" are able to:
- Create database connections,
- Edit database connections they own,
- Update the Connection Access permission for connections they own,
- Administer the Applications they own.
The purpose behind the MyAdmin group is to allow for a common dbFront installation with multiple MyAdmin users that have separate admin access to only those applications they have created.
Application Admin users have specific Configuration and Admin access to those connections to which they have been explicitly assigned. Application Admin users are set up using the Connection Admin dialog.
Their access is limited to Configuring that connection's Applications/Databases and accessing the applications as Admin when logged in.
Application Admin users are purposely missing the ability to configure the connection access. If the user requires the ability to configure connections then consider assigning them to either the Admin Group or the MyAdmin Group.
Single-Sign-On Admin (SSO Admin)
SSO Admin Users have global Configuration access for all Applications/Databases and Admin access within all applications. Their access is controlled by the Admin Group as specified in the Single-Sign-On configuration.