4 4 3 Grolar:Using Access Control Lists

From SEPsesam

Template:Copyright SEP AG en

This is not the latest version of SEP sesam documentation and, as such, does not provide information on features introduced in the latest release. For more information on SEP sesam releases, see SEP sesam Release Versions. For the latest documentation, check Using Access Control Lists for the new version.


Overview

An access control list (ACL) is a list of permissions attached to an object (e.g., client, location, backup, etc.). Use of ACL specifies the conditions for a particular user or group to do an operation on a specific object (e.g., client, location, backup, etc.). As of SEP sesam version 4.4.3 Grolar, you can configure ACLs for locations and clients, if you have the admin rights.

Note that before you configure ACLs, you have to activate authentication, configure the users and specify their access rights. For details, see Configuring Database-Based Authentication.

Configuring permissions (ACLs) for locations and clients

You can configure ACLs for a location (group of clients) or a specific client in the properties of the existing locations and clients. If you want to set up ACLs for a new location/client, you have to configure it first and then you can add the relevant permissions in their properties. For details on how to configure new locations and clients, see Configuring Location and Configuring Clients.

  1. From Main selection -> Components -> Topology, select the relevant location or a client (under the location) and double-click it (or click the Properties button). The Location/Client properties window appears.
  2. Switch to the Permissions tab. Select the relevant user or group. You can also add a new user/group by clicking Add and selecting a relevant user/group from the drop-down list.
    Click OK to add a new user/group.

  3. Under Permissions panel, enable or disable access (to location/client) per user/group by clicking the Allow or Deny checkbox.
  4. Note
    • By default, members of the ADMIN and OPERATOR groups have full access to all locations and clients. The RESTORE group has restricted access to all locations and clients.
    • ACLs can be set for the OPERATOR and RESTORE group. To ensure that your administrator(s) always have full access to all functionality, the following applies:
      • If database-based authentication is enabled, you cannot set ACL for the user Administrator (the user Administrator has access to all features).
      • In case of policy-based authentication, ACLs cannot be set for members of the ADMIN group (the ADMIN group has access to all features).
  5. Click OK to set up ACLs for a location/client.

When the administrator defines ACLs, the list of ACL entries is saved in the SEP sesam database and take effect immediately. This means that the new authorization settings (stored ACLs) are used for all further queries for the objects.