4 4 3 Grolar:Using Access Control Lists: Difference between revisions

From SEPsesam
mNo edit summary
(Marked this version for translation)
(10 intermediate revisions by 2 users not shown)
Line 1: Line 1:
<div class="noprint">
<translate><!--T:1-->
<div class="noprint"><languages /></translate>
__FORCETOC__
__FORCETOC__
<translate><!--T:2-->
{{Copyright SEP AG en}}
{{Copyright SEP AG en}}
{{draft}}
 
{{Navigation_latest|release=4.4.3 ''Grolar''|link=[[Special:MyLanguage/SEP_sesam_Documentation#previous|documentation archive]]}}</div><br />
<!--T:3-->
==Overview==
{{Navigation previous|link=[[Special:MyLanguage/Using Access Control Lists|Using Access Control Lists]] for the new version}}</div></translate><br />
<div class="boilerplate metadata" id="Additional resources" style="background-color:#ecedf1; color:#8695a7; border: 1px ridge #cdd3db; margin: 0.5em; padding: 0.5em; float: right; width: 25%; "><center><b>Additional resources</b></center>
<translate>==Overview== <!--T:4--></translate>
<div class="boilerplate metadata" id="Additional resources" style="background-color:#ecedf1; color:#8695a7; border: 1px ridge #cdd3db; margin: 0.5em; padding: 0.5em; float: right; width: 25%; "><center><b><translate><!--T:5-->
Additional resources</translate></b></center>


{|style="margin: auto; margin-bottom:1em; width:100%; border:0px solid grey;"
{|style="margin: auto; margin-bottom:1em; width:100%; border:0px solid grey;"
| rowspan="2" style="padding:0px 10px 0px;" | [[File:SEP Tip.png|45px|link=4_4_3_Grolar:About_Authentication_and_Authorization|About Authentication and Authorization]]
| rowspan="2" style="padding:0px 10px 0px;" | <translate><!--T:6-->
| style="padding:0px 40px 0px 10px; color: grey; font-size: 90%; text-align:left;" | See also: [[Special:MyLanguage/4_4_3_Grolar:About_Authentication_and_Authorization|About Authentication and Authorization]] – [[Special:MyLanguage/4_4_3_Grolar:Configuring_Database-Based_Authentication|Configuring Database-Based Authentication]] – [[Special:MyLanguage/Configuring_Location|Configuring Location]] – [[Special:MyLanguage/Configuring_Clients|Configuring Clients]] – [[Special:MyLanguage/4_4_3_Grolar:Administering_ACLs_from_the_Command_Line|Administering ACLs from the Command Line]]
[[File:SEP Tip.png|45px|link=About_Authentication_and_Authorization|About Authentication and Authorization]]</translate>
| style="padding:0px 40px 0px 10px; color: grey; font-size: 90%; text-align:left;" | <translate><!--T:7-->
See also: [[Special:MyLanguage/About_Authentication_and_Authorization|About Authentication and Authorization]] – [[Special:MyLanguage/Configuring_Database-Based_Authentication|Configuring Database-Based Authentication]] – [[Special:MyLanguage/Configuring_Location|Configuring Location]] – [[Special:MyLanguage/Configuring_Clients|Configuring Clients]] – [[Special:MyLanguage/Administering_ACLs_from_the_Command_Line|Administering ACLs from the Command Line]]</translate>
|}
|}


{|style="margin: auto; margin-bottom:1em; width:100%; border:0px solid grey;"
{|style="margin: auto; margin-bottom:1em; width:100%; border:0px solid grey;"
| rowspan="2" style="padding:0px 10px 0px;" |
| rowspan="2" style="padding:0px 10px 0px;" |
[[File:SEP Tip.png|45px|link=Special:MyLanguage/FAQ#permissions|FAQ]]
<translate><!--T:8-->
[[File:SEP Tip.png|45px|link=Special:MyLanguage/FAQ#permissions|FAQ]]</translate>
| style="padding:0px 40px 0px 10px; color: grey; font-size: 90%; text-align:left;" |
| style="padding:0px 40px 0px 10px; color: grey; font-size: 90%; text-align:left;" |
Check [[Special:MyLanguage/FAQ#permissions|FAQ]] to find the answers to most common questions.
<translate><!--T:9-->
Check [[Special:MyLanguage/FAQ#permissions|FAQ]] to find the answers to most common questions.</translate>
|}
|}


{|style="margin: auto; margin-bottom:1em; width:100%; border:0px solid grey;"
{|style="margin: auto; margin-bottom:1em; width:100%; border:0px solid grey;"
| rowspan="2" style="padding:0px 10px 0px;" | [[File:SEP Troubleshooting.png|45px|link=Special:MyLanguage/Troubleshooting_Guide|Troubleshooting Guide]]
| rowspan="2" style="padding:0px 10px 0px;" | <translate><!--T:10-->
| style="padding:0px 40px 0px 10px; color: grey; font-size: 90%; text-align:left;" | Problems? Check the [[Special:MyLanguage/Troubleshooting_Guide| Troubleshooting Guide]].  
[[File:SEP Troubleshooting.png|45px|link=Special:MyLanguage/Troubleshooting_Guide|Troubleshooting Guide]]</translate>
| style="padding:0px 40px 0px 10px; color: grey; font-size: 90%; text-align:left;" | <translate><!--T:11-->
Problems? Check the [[Special:MyLanguage/Troubleshooting_Guide| Troubleshooting Guide]].</translate>
|}</div>
|}</div>
An access control list (ACL) is a list of permissions attached to an object (e.g., client, location, backup, etc.). An ACL specifies which users or groups are granted access to objects. As of SEP sesam version 4.4.3 [[Special:MyLanguage/SEP_sesam_Release_Versions|''Grolar'']], you can configure ACLs for [[Special:MyLanguage/SEP_sesam_Glossary#location|locations]] and [[Special:MyLanguage/SEP_sesam_Glossary#SBC|clients]], if you have the admin rights. Note that before you configure ACLs, you have to activate authentication, configure the users and specify their access rights. For detalis, see [[Special:MyLanguage/4_4_3_Grolar:Configuring_Database-Based_Authentication|Configuring Database-Based Authentication]].
<translate><!--T:12-->
An access control list (ACL) is a list of permissions attached to an object (e.g., client, location, backup, etc.). Use of ACL specifies the conditions for a particular user or group to do an operation on a specific object (e.g., client, location, backup, etc.). As of SEP sesam version [[Special:MyLanguage/SEP_sesam_Release_Versions|4.4.3 ''Grolar'']], you can configure ACLs for [[Special:MyLanguage/SEP_sesam_Glossary#location|locations]] and [[Special:MyLanguage/SEP_sesam_Glossary#SBC|clients]], if you have the ''admin'' rights.  
 
<!--T:13-->
Note that before you configure ACLs, you have to activate authentication, configure the users and specify their access rights. For details, see [[Special:MyLanguage/Configuring_Database-Based_Authentication|Configuring Database-Based Authentication]].
   
   
=={{anchor|configuration}}Configuring permissions (ACLs) for locations and clients==
=={{anchor|configuration}}Configuring permissions (ACLs) for locations and clients==


You can configure ACLs for a location (group of clients) or a specific client in the properties of the existing locations and clients. If you want to set up ACLs for a new location/client, you have to configure it first and then you can add the relevant permissions in their properties. For details on how to configure new locations and clients, see [[Special:MyLanguage/Configuring_Location|Configuring Location]] and [[Special:MyLanguage/Configuring_Clients|Configuring Clients]].
<!--T:14-->
You can configure ACLs for a location (group of clients) or a specific client in the properties of the existing locations and clients. If you want to set up ACLs for a new location/client, you have to configure it first and then you can add the relevant permissions in their properties. For details on how to configure new locations and clients, see [[Special:MyLanguage/Configuring_Location|Configuring Location]] and [[Special:MyLanguage/Configuring_Clients|Configuring Clients]].</translate>


<ol><li>From '''Main selection''' -> '''Components''' -> '''Topology''', select the relevant location or a client (under the location) and double-click it (or click the '''Properties''' button). The ''Location/Client properties'' window appears.</li>  
<ol><li><translate><!--T:15-->
<li>Switch to the ''Permissions'' tab. Select the relevant user or group. You can also add a new user/group by clicking '''Add''' and selecting a relevant user/group from the drop-down list.<br />Click '''OK''' to add a new user/group.</li>
From '''Main selection''' -> '''Components''' -> '''Topology''', select the relevant location or a client (under the location) and double-click it (or click the '''Properties''' button). The ''Location/Client properties'' window appears.</translate></li>  
[[Image:Authentication_add_user.jpg|750px|link=]]
<li><translate><!--T:16-->
Switch to the ''Permissions'' tab. Select the relevant user or group. You can also add a new user/group by clicking '''Add''' and selecting a relevant user/group from the drop-down list.<br />Click '''OK''' to add a new user/group.</translate></li>
<translate><!--T:17-->
[[Image:Authentication_add_user_Beefalo_V2.jpg|650px|link=]]</translate>
<br clear=all>
<br clear=all>
<li>Under ''Permissions'' panel, enable or disable access (to location/client) per user/group by clicking the '''Allow''' or '''Deny''' checkbox. </li>
<li><translate><!--T:18-->
{{note|Groups ''ADMIN'' and ''OPERATOR'' have full access to all locations/clients by default. ''RESTORE'' group has denied access to all locations/clients by default. It is not possible to set the ACLs for the administrators because they have always full access to all locations and clients.}}   
Under ''Permissions'' panel, enable or disable access (to location/client) per user/group by clicking the '''Allow''' or '''Deny''' checkbox.</translate> </li>
<li>Click '''OK''' to set up ACLs for a location/client.</li>
{{<translate><!--T:19-->
[[Image:Authentication_permissions.jpg|link=]]
note</translate>|
*<translate><!--T:20-->
By default, members of the ''ADMIN'' and ''OPERATOR'' groups have full access to all locations and clients. The ''RESTORE'' group has restricted access to all locations and clients.</translate>
*<translate><!--T:21-->
ACLs can be set for the ''OPERATOR'' and ''RESTORE'' group. To ensure that your administrator(s) always have full access to all functionality, the following applies:</translate>
**<translate><!--T:22-->
If database-based authentication is enabled, you cannot set ACL for the user ''Administrator''  (the user ''Administrator'' has access to all features).</translate>
**<translate><!--T:23-->
In case of policy-based authentication, ACLs cannot be set for members of the ''ADMIN'' group (the ''ADMIN'' group has access to all features).</translate>}}   
<li><translate><!--T:24-->
Click '''OK''' to set up ACLs for a location/client.</translate></li>
<translate><!--T:25-->
[[Image:Authentication_permissions_Beefalo_V2.jpg|650px|link=]]</translate>
<br clear=all>
<br clear=all>
</ol>
</ol>
When the administrator modifies the default ACL and therefore attaches ACL to the selected object, the client sends the information on ACL together with the object ID and the name of the data accessor object to the SEP sesam Server, which stores the ACLs to the database. The next query for objects uses the stored ACLs if the type of the queried objects matches the type of the object the ACL got attached to.
<translate><!--T:26-->
When the administrator defines ACLs, the list of ACL entries is saved in the SEP sesam database and take effect immediately. This means that the new authorization settings (stored ACLs) are used for all further queries for the objects.


<!--T:27-->
<div class="noprint">
<div class="noprint">
==See also==
==See also==
[[Special:MyLanguage/4_4_3_Grolar:About_Authentication_and_Authorization|About Authentication and Authorization]] – [[Special:MyLanguage/4_4_3_Grolar:Configuring_Database-Based_Authentication|Configuring Database-Based Authentication]] – [[Special:MyLanguage/Configuring_Location|Configuring Location]] – [[Special:MyLanguage/Configuring_Clients|Configuring Clients]] – [[Special:MyLanguage/4_4_3_Grolar:Administering_ACLs_from_the_Command_Line|Administering ACLs from the Command Line]]</div>
[[Special:MyLanguage/About_Authentication_and_Authorization|About Authentication and Authorization]] – [[Special:MyLanguage/Configuring_Database-Based_Authentication|Configuring Database-Based Authentication]] – [[Special:MyLanguage/Configuring_Location|Configuring Location]] – [[Special:MyLanguage/Configuring_Clients|Configuring Clients]] – [[Special:MyLanguage/Administering_ACLs_from_the_Command_Line|Administering ACLs from the Command Line]]</div></translate>

Revision as of 14:21, 14 November 2022

Other languages:

Template:Copyright SEP AG en

Icon archived docs.png This is not the latest version of SEP sesam documentation and, as such, does not provide information on features introduced in the latest release. For more information on SEP sesam releases, see SEP sesam Release Versions. For the latest documentation, check Using Access Control Lists for the new version.


Overview

Additional resources
About Authentication and Authorization See also: About Authentication and AuthorizationConfiguring Database-Based AuthenticationConfiguring LocationConfiguring ClientsAdministering ACLs from the Command Line

FAQ

Check FAQ to find the answers to most common questions.

Troubleshooting Guide Problems? Check the Troubleshooting Guide.

An access control list (ACL) is a list of permissions attached to an object (e.g., client, location, backup, etc.). Use of ACL specifies the conditions for a particular user or group to do an operation on a specific object (e.g., client, location, backup, etc.). As of SEP sesam version 4.4.3 Grolar, you can configure ACLs for locations and clients, if you have the admin rights.

Note that before you configure ACLs, you have to activate authentication, configure the users and specify their access rights. For details, see Configuring Database-Based Authentication.

Configuring permissions (ACLs) for locations and clients

You can configure ACLs for a location (group of clients) or a specific client in the properties of the existing locations and clients. If you want to set up ACLs for a new location/client, you have to configure it first and then you can add the relevant permissions in their properties. For details on how to configure new locations and clients, see Configuring Location and Configuring Clients.

  1. From Main selection -> Components -> Topology, select the relevant location or a client (under the location) and double-click it (or click the Properties button). The Location/Client properties window appears.
  2. Switch to the Permissions tab. Select the relevant user or group. You can also add a new user/group by clicking Add and selecting a relevant user/group from the drop-down list.
    Click OK to add a new user/group.
    3. Authentication add user Beefalo V2.jpg
  3. Under Permissions panel, enable or disable access (to location/client) per user/group by clicking the Allow or Deny checkbox.
    4. Information sign.png Note
    • By default, members of the ADMIN and OPERATOR groups have full access to all locations and clients. The RESTORE group has restricted access to all locations and clients.
    • ACLs can be set for the OPERATOR and RESTORE group. To ensure that your administrator(s) always have full access to all functionality, the following applies:
      • If database-based authentication is enabled, you cannot set ACL for the user Administrator (the user Administrator has access to all features).
      • In case of policy-based authentication, ACLs cannot be set for members of the ADMIN group (the ADMIN group has access to all features).
  4. Click OK to set up ACLs for a location/client.
    5. Authentication permissions Beefalo V2.jpg

When the administrator defines ACLs, the list of ACL entries is saved in the SEP sesam database and take effect immediately. This means that the new authorization settings (stored ACLs) are used for all further queries for the objects.

See also

About Authentication and AuthorizationConfiguring Database-Based AuthenticationConfiguring LocationConfiguring ClientsAdministering ACLs from the Command Line
Retrieved from "https://wiki.sep.de/wiki/index.php?title=4_4_3_Grolar:Using_Access_Control_Lists&oldid=241102"