4 4 3 Grolar:Using Access Control Lists: Difference between revisions
(Draft version for using ACL.) |
(Updated.) |
Line 1: | Line 1: | ||
<div class="noprint"> | |||
__FORCETOC__ | |||
{{Copyright SEP AG en}} | {{Copyright SEP AG en}} | ||
{{draft}} | {{draft}} | ||
{{Navigation_latest|release=4.4.3 ''Grolar''|link=[[SEP_sesam_Documentation#previous|documentation archive]]}}<br /> | {{Navigation_latest|release=4.4.3 ''Grolar''|link=[[Special:MyLanguage/SEP_sesam_Documentation#previous|documentation archive]]}}</div><br /> | ||
==Overview== | ==Overview== | ||
<div class="boilerplate metadata" id="Additional resources" style="background-color:#ecedf1; color:#8695a7; border: 1px ridge #cdd3db; margin: 0.5em; padding: 0.5em; float: right; width: 25%; "><center><b>Additional resources</b></center> | <div class="boilerplate metadata" id="Additional resources" style="background-color:#ecedf1; color:#8695a7; border: 1px ridge #cdd3db; margin: 0.5em; padding: 0.5em; float: right; width: 25%; "><center><b>Additional resources</b></center> | ||
{|style="margin: auto; margin-bottom:1em; width:100%; border:0px solid grey;" | {|style="margin: auto; margin-bottom:1em; width:100%; border:0px solid grey;" | ||
| rowspan="2" style="padding:0px 10px 0px;" | [[File:SEP Tip.png|45px|link= | | rowspan="2" style="padding:0px 10px 0px;" | [[File:SEP Tip.png|45px|link=4_4_3_Grolar:About_Authentication_and_Authorization|About Authentication and Authorization]] | ||
| style="padding:0px 40px 0px 10px; color: grey; font-size: 90%; text-align:left;" | See also: [[Special:MyLanguage/Authentication|Authentication]] – [[Special:MyLanguage/Configuring_Location|Configuring Location]] – [[Special:MyLanguage/Configuring_Clients|Configuring Clients]] | | style="padding:0px 40px 0px 10px; color: grey; font-size: 90%; text-align:left;" | See also: [[Special:MyLanguage/4_4_3_Grolar:About_Authentication_and_Authorization|About Authentication and Authorization]] – [[Special:MyLanguage/4_4_3_Grolar:Configuring_Database-Based_Authentication|Configuring Database-Based Authentication]] – [[Special:MyLanguage/Configuring_Location|Configuring Location]] – [[Special:MyLanguage/Configuring_Clients|Configuring Clients]] | ||
|} | |} | ||
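Review bot: The new image link target in the Additional resources box, `link=4_4_3_Grolar:About_Authentication_and_Authorization`, omits the `Special:MyLanguage/` prefix that every other link in this box uses, including the See also link to the same page on the next line. Readers of a translated page who click the tip icon would land on the untranslated article; suggest `link=Special:MyLanguage/4_4_3_Grolar:About_Authentication_and_Authorization` for consistency.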
Line 21: | Line 23: | ||
| style="padding:0px 40px 0px 10px; color: grey; font-size: 90%; text-align:left;" | Problems? Check the [[Special:MyLanguage/Troubleshooting_Guide| Troubleshooting Guide]]. | | style="padding:0px 40px 0px 10px; color: grey; font-size: 90%; text-align:left;" | Problems? Check the [[Special:MyLanguage/Troubleshooting_Guide| Troubleshooting Guide]]. | ||
|}</div> | |}</div> | ||
An access control list (ACL) is a list of permissions attached to an object (e.g., client, location, backup, etc.). An ACL specifies which users or groups are granted access to objects | An access control list (ACL) is a list of permissions attached to an object (e.g., client, location, backup, etc.). An ACL specifies which users or groups are granted access to objects. As of SEP sesam version 4.4.3 [[Special:MyLanguage/SEP_sesam_Release_Versions|''Grolar'']], you can configure ACLs for [[Special:MyLanguage/SEP_sesam_Glossary#location|locations]] and [[Special:MyLanguage/SEP_sesam_Glossary#SBC|clients]], if you have the admin rights. Note that before you configure ACLs, you have to activate authentication, configure the users and specify their access rights. For detalis, see [[Special:MyLanguage/4_4_3_Grolar:Configuring_Database-Based_Authentication|Configuring Database-Based Authentication]]. | ||
=={{anchor|configuration}}Configuring permissions (ACLs) for locations and clients== | =={{anchor|configuration}}Configuring permissions (ACLs) for locations and clients== | ||
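Review bot: The sentence added to the Overview paragraph contains a typo, "For detalis, see", which should read "For details, see". In the same addition, "if you have the admin rights" reads better as "if you have admin rights", and since the prerequisite (authentication activated, users configured, access rights specified) gates everything below, it may deserve its own sentence or note box rather than sitting in the middle of the definition.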
Line 28: | Line 30: | ||
<ol><li>From '''Main selection''' -> '''Components''' -> '''Topology''', select the relevant location or a client (under the location) and double-click it (or click the '''Properties''' button). The ''Location/Client properties'' window appears.</li> | <ol><li>From '''Main selection''' -> '''Components''' -> '''Topology''', select the relevant location or a client (under the location) and double-click it (or click the '''Properties''' button). The ''Location/Client properties'' window appears.</li> | ||
<li>Switch to the ''Permissions'' tab. Select the relevant user or user group | <li>Switch to the ''Permissions'' tab. Select the relevant user or group. You can also add a new user/group by clicking '''Add''' and selecting a relevant user/group from the drop-down list.<br />Click '''OK''' to add a new user/group.</li> | ||
[[Image:Authentication_add_user.jpg|750px|link=]] | |||
<br clear=all> | |||
<li>Under ''Permissions'' panel, enable or disable access (to location/client) per user/group by clicking the '''Allow''' or '''Deny''' checkbox. </li> | |||
<li>Click '''OK''' to set up ACLs for a location/client.</li> | |||
<li>''' | [[Image:Authentication_permissions.jpg|link=]] | ||
<br clear=all> | |||
<li>Click '''OK''' to set up ACLs for a location/client.</li></ol> | </ol> | ||
When the administrator modifies the default ACL and therefore attaches ACL to the selected object, the client sends the information on ACL together with the object ID and the name of the data accessor object to the SEP sesam Server, which stores the ACLs to the database. The next query for objects uses the stored ACLs if the type of the queried objects matches the type of the object the ACL got attached to. | When the administrator modifies the default ACL and therefore attaches ACL to the selected object, the client sends the information on ACL together with the object ID and the name of the data accessor object to the SEP sesam Server, which stores the ACLs to the database. The next query for objects uses the stored ACLs if the type of the queried objects matches the type of the object the ACL got attached to. | ||
<div class="noprint"> | |||
==See also== | ==See also== | ||
[[Special:MyLanguage/Authentication|Authentication]] – [[Special:MyLanguage/Configuring_Location|Configuring Location]] – [[Special:MyLanguage/Configuring_Clients|Configuring Clients]] | [[Special:MyLanguage/4_4_3_Grolar:About_Authentication_and_Authorization|About Authentication and Authorization]] – [[Special:MyLanguage/4_4_3_Grolar:Configuring_Database-Based_Authentication|Configuring Database-Based Authentication]] – [[Special:MyLanguage/Configuring_Location|Configuring Location]] – [[Special:MyLanguage/Configuring_Clients|Configuring Clients]]</div> |
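Review bot: In the numbered procedure, the `[[Image:Authentication_add_user.jpg|750px|link=]]`, `[[Image:Authentication_permissions.jpg|link=]]` and `<br clear=all>` lines sit directly between `<li>` items, as children of the `<ol>` rather than inside a list item, which is not valid list markup and can break the step numbering; move each image and its `<br clear=all>` inside the `<li>` of the step it illustrates, before that item's `</li>`. The new step text "Under ''Permissions'' panel" is also missing an article ("Under the ''Permissions'' panel"), and the step does not say what applies to a user who has no Allow or Deny entry or who belongs to groups with conflicting entries, which readers configuring access will need to know.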
Revision as of 12:34, 25 April 2018
Overview
An access control list (ACL) is a list of permissions attached to an object (e.g., client, location, backup, etc.). An ACL specifies which users or groups are granted access to objects. As of SEP sesam version 4.4.3 Grolar, you can configure ACLs for locations and clients, if you have admin rights. Note that before you configure ACLs, you have to activate authentication, configure the users and specify their access rights. For details, see Configuring Database-Based Authentication.
Configuring permissions (ACLs) for locations and clients
You can configure ACLs for a location (group of clients) or a specific client in the properties of the existing locations and clients. If you want to set up ACLs for a new location/client, you have to configure it first and then you can add the relevant permissions in their properties. For details on how to configure new locations and clients, see Configuring Location and Configuring Clients.
- From Main selection -> Components -> Topology, select the relevant location or a client (under the location) and double-click it (or click the Properties button). The Location/Client properties window appears.
- Switch to the Permissions tab. Select the relevant user or group. You can also add a new user/group by clicking Add and selecting a relevant user/group from the drop-down list. Click OK to add a new user/group.
- Under the Permissions panel, enable or disable access (to location/client) per user/group by clicking the Allow or Deny checkbox.
- Click OK to set up ACLs for a location/client.
When the administrator modifies the default ACL and thereby attaches an ACL to the selected object, the client sends the ACL information, together with the object ID and the name of the data accessor object, to the SEP sesam Server, which stores the ACL in the database. The next query for objects uses the stored ACLs if the type of the queried objects matches the type of the object the ACL is attached to.
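
A minimal model of the store-and-filter behaviour described above, added here as an illustration and not SEP sesam's own code. The class, method and accessor names are hypothetical, and three rules are assumptions the page does not state: an explicit Deny overrides Allow, an object without a stored ACL stays visible, and a principal not listed in a stored ACL does not see the object.

```python
from dataclasses import dataclass, field

ALLOW, DENY = "allow", "deny"


@dataclass
class AclStore:
    """Hypothetical server-side table: (accessor name, object ID) -> {principal: verdict}."""
    entries: dict = field(default_factory=dict)

    def attach(self, accessor, object_id, acl):
        # Mirrors what the client sends: data accessor name, object ID and the ACL.
        self.entries[(accessor, object_id)] = dict(acl)

    def decide(self, accessor, object_id, user, groups=()):
        # The key includes the accessor name, so an ACL stored for one object
        # type is never applied to a query for another type with the same ID.
        acl = self.entries.get((accessor, object_id))
        if acl is None:
            return True   # assumption: no stored ACL means the default applies
        verdicts = [acl[p] for p in (user, *groups) if p in acl]
        if DENY in verdicts:
            return False  # assumption: explicit Deny wins over any Allow
        return ALLOW in verdicts  # assumption: unlisted principals are hidden

    def query(self, accessor, object_ids, user, groups=()):
        """Return only the objects of this type that the principal may see."""
        return [o for o in object_ids if self.decide(accessor, o, user, groups)]


def demo():
    # Constructed sample data: client 7 allows a group but denies one member.
    store = AclStore()
    store.attach("clients", 7, {"backup_ops": ALLOW, "alice": DENY})
    alice = store.query("clients", [7, 8], "alice", ["backup_ops"])
    bob = store.query("clients", [7, 8], "bob", ["backup_ops"])
    # Same ID, different object type: the stored client ACL is not consulted.
    alice_locations = store.query("locations", [7], "alice", ["backup_ops"])
    return alice, bob, alice_locations


if __name__ == "__main__":
    print(demo())
```

When reviewing a real configuration, confirm the actual precedence and default rules against the product before relying on a Deny entry to restrict a user who also holds a group Allow.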