IRIS

Intelligent Roadway Information System

Users

Select View ➔ System ➔ Users menu item

User authentication is determined by user ID, role, and domains.

User IDs

A user must have an ID to log in to IRIS.

Field	Description
Name	Account name
Full Name	User name
Role	Role which determines the authorized permissions
Dn	Distinguished name for LDAP authentication
Password	Hash of password
Enabled	Flag to disable account

On login, these checks are performed:

The user and role must be enabled
The connection IP must be within an enabled domain for the role
(Web UI) All IPs in the X-Forwarded-For HTTP header must be within enabled domains for the role
Password authenticated
- If dn is set: LDAP server authentication - on success, update the cached password hash
- If dn is NULL (or LDAP connection fails): password hash authentication

API Resources 🕵️

iris/api/user_id
iris/api/user_id/{name}

Access	Primary	Secondary
👁️ View	name
💡 Manage	enabled	password †
🔧 Configure	full_name, role	dn

† Write only

Roles

A role defines the set of permissions associated with a user account. The default roles are administrator and operator. The administrator role has permissions which allow unfettered access to the system. Other roles can be created to allow different permissions, as needed.

WARNING: if the administrator role or admin user are disabled, the ability to make further changes will be lost immediately.

API Resources 🕵️

iris/api/role
iris/api/role/{name}

Access	Primary	Secondary
👁️ View	name
💡 Manage	enabled
🔧 Configure		domains

Domains

A network domain uses CIDR to restrict the IP addresses from which a role can connect to IRIS.

API Resources 🕵️

iris/api/domain
iris/api/domain/{name}

Access	Primary	Secondary
👁️ View	name
💡 Manage	enabled
🔧 Configure		block

Events

Whenever certain client events occur, a time-stamped event record can be stored in the client_event table:

CONNECT
DISCONNECT
AUTHENTICATE
FAIL AUTHENTICATION
FAIL DOMAIN
FAIL DOMAIN XFF
FAIL PASSWORD
CHANGE PASSWORD
UPDATE PASSWORD