Server Configuration > Global Development Using a Proxy > Security Considerations for FSA > Access Control Lists for FSA
 
Access Control Lists for FSA
ACLs store security, configuration, and administrative information for workflows and documents; configuration management; and the Integrity Lifecycle Manager server. They work in conjunction with your network’s authentication system to provide control over features and functions.
Permissions to log in to the Integrity Lifecycle Manager server and proxy are controlled by the mks:si ACL. Permissions regarding FSA are considered server related permissions. The permissions are designed to allow access to the server and proxy for administrative and debugging tasks.
The following server permissions are for Integrity Technical Support use only and are disabled by default. Do not modify them unless directed by an Integrity Technical Support representative.
Permission
Description
AdminProxy
Allows user to perform administrative functions on proxy.
AdminServer
Allows user to perform administrative functions on server.
DebugProxy
Allows user to perform diagnostic functions on proxy.
DebugServer
Allows user to perform diagnostic functions on server.
An Integrity Lifecycle Manager client configured for configuration management is required to carry out administrative tasks related to FSA.
Once connected, users must also have the Login and OpenProject permissions to access the source code projects for the operations they want to perform. Individual permissions then enforce additional authorization constraints as configured. You can use permissions to limit the availability and access to certain servers or proxies, and also to limit access to operations on those servers or proxies.
If you are also using workflow and document functionality, the Login permission must be granted to all users in the mks:im ACL, and they must have visibility to all process and control projects.
For information on configuring permissions, see the “User and Group Permissions: Access Control Lists”.