Xerox® Security Guide for Light Production Mono Class Products
Authorization (Role Based Access Controls)
Legacy and D-Series® Copier/Printer products offer granular control of user permissions. Users can be
assigned to pre-defined roles, or customers may design highly flexible custom permissions. A user must
be authenticated before being authorized to use the services of the product. Authorization ACLs (Access
Control Lists) are stored in the local user database. Authorization privileges (referred to as permissions)
can be assigned on a per-user or per-group basis.
Please note that Xerox products are designed to be customizable and support various workflows as well
as security needs. User permissions include security-related permissions and non-security-related
workflow permissions (e.g., walkup user options, copy, scan, paper selection, etc.). Only security-related
permissions are discussed here.
Remote Access
Without RBAC permissions defined, basic information such as Model, Serial number, and Software
Version can be viewed by unauthenticated users. This can be disabled by restricting access to the
device website pages for non-logged-in users.
By default, users are allowed to view basic status and support-related information; however, they are
restricted from accessing device configuration settings. Permission to view this information can be
disallowed.
Local Access
Without RBAC permissions defined, basic information such as Model, Serial number, Software Version, IP
address, and Host Name can be viewed without authentication. This can be disabled by disallowing
access to device settings for unauthenticated users.
By default, users are allowed to access the local interface; however, they are restricted from accessing
device configuration settings. Roles can be configured to allow granular access to applications,
services, and tools. Users can also be restricted from accessing the local interface completely.
To access the product from the Local User Interface, authentication is required per the authentication
method as shown below.
Authentication Method | Operation
No authentication | No authentication is required for general users.
Authentication on the product (without password) | When Authentication on the product is enabled, the User ID (PIN) is required for general users.
Authentication on the product (with password) | When Authentication on the product is enabled, the User ID and a password of 4 to 12 characters are required for general users.
Card Auditron | The general user is required to insert the authentication card.
External authentication | When external authentication is enabled, general users use the external authentication function for local access, such as for copy / scan. The following are the external authentication functions, and input of the User ID and password is required.
1) Kerberos authentication