Introduction

Panopticon Real Time provides multiple approaches on authentication. It can easily be configured to use different authentication mechanisms depending on the environment and the setup. The server only supports authentication and authorization and does not have any support for user management or administration of users.

There are mainly two properties that manage the authentication on the server. These properties are listed and described in the table below. Please note that more properties might need to be configured depending on the authentication mechanism you are using.

Property	Description	Default Value
authentication.role	The required role or group that the user needs to be identified as a Panopticon user. The property can be left blank if no role or group is required.
authentication.required	This property will make the authentication required. It will force the user to login in order to use any of the services provided by the server.	true
authentication.type	The type of authentication that should be used when authenticating the user. The property allows the following values: BASIC, FILTER, HEADER, OAUTH2, SAML.	BASIC
authentication.domain	The default domain information for user authentication.

Depending on the authentication or user management mechanism used, the role that a user should have is specified and then mapped to a group set in Panopticon.properties.

Property	Description	Default Value
access.administrator.groups	The role that is mapped to the administrator group.	admin
access.default.roles	The default roles applied to all users of the server. For example, if access.default.roles=DESIGNER,ADMINISTRATOR and a user with a VIEWER role logs on to the server, then the user will simultaneously have a VIEWER, DESIGNER, and ADMINISTRATOR roles. A blank value for access.default.roles is equivalent to ANONYMOUS. A blank value or the value ANONYMOUS will NOT block users from authenticating. NOTE: The roles that can be assigned in this property can only be ADMINISTRATOR, VIEWER, ANONYMOUS, and/or DESIGNER. This property is case sensitive.	VIEWER
access.designer.groups	The role that is mapped to the designer group.	designer
access.viewer.groups	The role that is assigned to the viewer group.

NOTE:

Group sets can be added for a role, separated by a comma.
To be able to use all of the features of Panopticon Real Time, a user is required to have Designer and Administrator roles.

When using Altair Units licensing, different user roles will check out different numbers of Altair Units.

Role	Altair Units Draw
Viewer	2
Designer	2 10 when designing a workbook
Administrator	2

Normally, you should use role mapping to control user access. This way you can manage access in the same place that you manage your users without having to reconfigure the server.

In some scenarios, it may be impossible to set up appropriate roles for Panopticon in your external system, or you may want to make one-off exceptions for specific users. As a workaround for these cases, you can also explicitly list individual users and their access in the server configuration with the access.administrator.users, access.designer.users, and access.viewer.users properties.

Intellectual Property Rights Notice | Technical Support