SecurityWorkCentre 5300 Series Multifunction PrinterSystem Administrator Guide48Setting up Access RightsOverviewYou can control access to the printer’s services and features by setting up authentication,authorization, and personalization.AuthenticationAuthentication is the process of confirming a user’s identity by comparing information provided bythe user, such as their user name and password, against another source of user information such asan LDAP directory. Users can be authenticated when accessing the control panel or when accessingCentreWare IS.There are several ways to authenticate a user:• Local: If you have a limited number of users, or do not have access to an LDAP network directory,you can add user information, such as user names and passwords, to the printer’s internaldatabase. You can then specify tools and feature access for all users. Users are authenticatedand authorized when they log in at the control panel.• Network: The printer retrieves user information from a network directory to authenticate andauthorize users when they log in at the control panel. The printer can use of the following threeprotocols to communicate with your authentication server:• Kerberos (Solaris, or Windows 2000/2003)• SMB (Windows 2000/2003)• LDAP• Card Reader: You must purchase and install a magnetic or proximity card reading system,such as Xerox Secure Access. To access the printer, users must swipe a pre-programmedidentification card.AuthorizationAuthorization is the process of defining the services and features that users are allowed to access. Forexample, you can configure the printer to allow a user to copy, scan, and fax, but not email. There aretwo types of authorization:• Locally on the Device (Internal Database): User login information is stored locally in the printer’sinternal User Information Database.• Remotely on the Network: User login information is stored externally in a network database suchas an LDAP directory.