Considerations for Granting Privileges to Dynamic Domain Users
Resources can be opened for use by anyone including dynamic domain users by granting privileges to the dynamic all group on published resources.
• Dynamic all privileges open published resources to public access.
• No rights should be given to dynamically authenticated users because anybody can log in as a dynamic user; such users are not authenticated by the TDV system.
When the dynamic domain is enabled, dynamic users have default Read access to the following basic resources in Studio:
/
/services
/services/databases
/services/webservices
/services/webservices/system
/shared
/lib
• All other access privileges must be explicitly granted for either the dynamic all group or for the individual dynamic user after initial login.
• Dynamic users cannot be authenticated by definition as the password is not stored. Assigning resource privileges to individual dynamic users opens a resource to any user who can use that user name.