Sony FIU-710 Handbuch
Chapter 11: SecureLaunch
SecureSuite XS Workstation Guide
100
SecureLaunch Access Policy Rules
There are several scenarios you may encounter while configuring access policies
for individual users and groups. The following list demonstrates, by way of
examples, the rules associated with the different policies and the level of
importance given to each of them when deciding which policy to associate with
each user and group.
for individual users and groups. The following list demonstrates, by way of
examples, the rules associated with the different policies and the level of
importance given to each of them when deciding which policy to associate with
each user and group.
Individual user access policies have the highest priority. For example, suppose
that Sue is a member of the Users group and the Users group policy is set as
that Sue is a member of the Users group and the Users group policy is set as
Access Denied
. Sue also has a user-specific policy set as
Access with
Authentication
. In this case, Sue will be able to access the application for
which the policy is set upon successful authentication since user-specific access
policies take priority over group policies.
policies take priority over group policies.
If a user is a member of more than one group and these groups have policies set
in SecureLaunch, then the least restrictive access policy is associated with that
user. For example, suppose that Sue is a member of the Administrators group as
well as the Users group. If the access policy for the Administrators group is set as
in SecureLaunch, then the least restrictive access policy is associated with that
user. For example, suppose that Sue is a member of the Administrators group as
well as the Users group. If the access policy for the Administrators group is set as
Access Allowed
and the Users group as
Access with Authentication
,
then Sue will be able to access the application for which the policy is set without
having to authenticate since the setting
having to authenticate since the setting
Access Allowed
is less restrictive than
Access with Authentication
.
If a user is only a member of a group for which access policies have not been set,
then the user will automatically be denied access to the application. For example,
suppose that Sue is a member of only the Backup Operators group and there is no
access policy associated with this group. Sue will then be denied access to the
application for which the policy has been set.
then the user will automatically be denied access to the application. For example,
suppose that Sue is a member of only the Backup Operators group and there is no
access policy associated with this group. Sue will then be denied access to the
application for which the policy has been set.