4 4 3 Grolar:Using Access Control Lists

From SEPsesam
Revision as of 10:03, 8 February 2018 by Sta (talk | contribs) (Draft version for using ACL.)


WORK IN PROGRESS
This article is in the initial stage and may be updated, replaced or deleted at any time. It is inappropriate to use this document as reference material as it is a work in progress and should be treated as such.
Welcome to the latest SEP sesam documentation version 4.4.3 Grolar. For previous documentation version(s), check documentation archive.


Overview

An access control list (ACL) is a list of permissions attached to an object (e.g., client, location, backup). An ACL specifies which users or groups are granted access to objects (currently clients and locations) and which operations (read, write or execute) are allowed on them. As of SEP sesam version 4.4.3 Grolar, administrators can configure ACLs for locations and clients if they are granted the appropriate permissions (admin).

Configuring permissions (ACLs) for locations and clients

You can configure ACLs for a location (group of clients) or a specific client in the properties of an existing location or client. If you want to set up ACLs for a new location/client, you must configure it first; you can then add the relevant permissions in its properties. For details on how to configure new locations and clients, see Configuring Location and Configuring Clients.

  1. From Main selection -> Components -> Topology, select the relevant location or a client (under the location) and double-click it (or click the Properties button). The Location/Client properties window appears.
  2. Switch to the Permissions tab. Select the relevant user or user group, and click Add.
  3. In the Permissions panel, enable or disable the following permissions per user/user group:
    • Full Control: Permits accessing, changing, and executing the locations/clients.
    • Write: Permits changing the locations/clients.
    • Read/Execute: Permits accessing and executing the locations/clients.
    • Read: Permits accessing the locations/clients.
    Note
    If an object does not have any ACL attached or no ACL is inherited from a parent object, a Full Control permission is set automatically. If an object inherits the ACL from its parent object, the inherited ACL is shown in the panel and marked as inherited (read-only and grayed out). By using the Edit button you can change the inherited ACL.
  4. Click OK to set up ACLs for a location/client.

When the administrator modifies the default ACL and thereby attaches an ACL to the selected object, the client sends the ACL information, together with the object ID and the name of the data accessor object, to the SEP sesam Server, which stores the ACLs in the database. The next query for objects uses the stored ACLs if the type of the queried objects matches the type of the object the ACL was attached to.
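
The note in step 3 means that an object with no attached and no inherited ACL falls back to Full Control. The following Python model is an added example, not SEP sesam code, that resolves the effective ACL per object and lists the objects relying on that fallback. The topology layout, the function names, the rule that the nearest ACL wins without merging, and the treatment of the automatic Full Control as applying to every user are assumptions.

```python
# Added illustration, not SEP sesam code: the data layout and function names
# are assumptions; only the permission levels and fallback rule are the page's.

# Operations granted by each permission level listed in step 3.
LEVELS = {
    "Full Control": {"read", "write", "execute"},
    "Write": {"write"},
    "Read/Execute": {"read", "execute"},
    "Read": {"read"},
}

# Constructed sample topology: object -> (parent location, attached ACL or None).
# An ACL maps a user or group name to one permission level.
TOPOLOGY = {
    "Berlin": (None, {"backup-ops": "Full Control", "auditors": "Read"}),
    "db01": ("Berlin", None),                           # inherits from Berlin
    "web01": ("Berlin", {"web-team": "Read/Execute"}),  # own ACL attached
    "Lab": (None, None),                                # nothing attached
    "test01": ("Lab", None),                            # nothing to inherit
}

def effective_acl(name, topology=TOPOLOGY):
    """Return (source, acl); source is 'attached', 'inherited' or 'default'."""
    source, seen = "attached", set()
    while name is not None and name not in seen:  # guard against parent loops
        seen.add(name)
        parent, acl = topology[name]
        if acl is not None:
            return source, acl  # assumption: nearest ACL wins, no merging
        name, source = parent, "inherited"
    return "default", None  # no ACL anywhere: Full Control is set automatically

def allowed_ops(principal, name, topology=TOPOLOGY):
    """Operations a user or group may perform on an object in this model."""
    source, acl = effective_acl(name, topology)
    if source == "default":
        # Assumption: the automatic Full Control applies to every principal.
        return set(LEVELS["Full Control"])
    level = acl.get(principal)  # principals not listed are granted nothing
    return set(LEVELS[level]) if level else set()

def unprotected(topology=TOPOLOGY):
    """Objects that fall back to the automatic Full Control permission."""
    return sorted(n for n in topology if effective_acl(n, topology)[0] == "default")

if __name__ == "__main__":
    for obj in TOPOLOGY:
        print(obj, effective_acl(obj)[0], sorted(allowed_ops("auditors", obj)))
    print("review:", unprotected())
```

Objects returned by unprotected() are the ones to review first when restricting access, since attaching an ACL to their parent location also covers every client that inherits from it.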

See also

  • Authentication
  • Configuring Location
  • Configuring Clients