Crystal Management Server

In relation to system security, the CMS performs a number of important tasks. The majority of these tasks rely upon the database that the CMS uses to keep track of Crystal Enterprise system data. This data includes security information, such as user accounts, group memberships, and object rights that define user and group privileges.

When you first set up your system, the CMS allows you to create user accounts and groups within Crystal Enterprise. And, with its third-party security plug-ins, the CMS allows you to reuse existing user accounts and groups that are stored in a third-party system (a Windows NT user database, an LDAP directory server, or a Windows AD server). The CMS supports third-party authentication, so users can log on to Crystal Enterprise with their current Windows NT, LDAP, or Windows AD credentials.

When users log on, the CMS coordinates the authentication process with its security plug-ins; the CMS then grants the user a logon token and an active session on the system. The CMS also responds to authorization requests made by the rest of the system. When a user requests a list of reports in a particular folder, the CMS authorizes the request only when it has verified that the user's account or group membership provides sufficient privileges.

For details about the CMS and how it calculates a user's effective rights to an object, see Calculating a user's effective rights.

For more information about the CMS and the CMS database, see Crystal Management Server.