Basically, we now have the ability to secure sets of resources based on a user’s role membership (kind of like we did for securing items in the trees). So, in the past, we’ve had item security which limits what items you see in the trees (and tabs in consoles, etc). This new feature limits which resources certain Application Roles can see, view and manage (depending on how the security descriptor is defined).
...
Info |
---|
|
This feature is new in Arellia v8.1. |
Tip |
---|
You must have Full Access rights to modify or clone a security descriptor; Arellia Management Server (AMS) Administrators members have Full Access rights. If you are not a member of the AMS Administrators role, then contact a member of that group to apply these changes. |
The Resources that a user has access to can be restricted to a limited scope. This is often referred to as Resource Scoping. In the Arellia Management Server this is typically accomplished by scoping the resources that a user has access to by using Active Directory organizational units or groups. There are 2 steps to enable resource scoping:
- Enable Resource Scoping on a Resource Type
- Set the Security on the Scoped Resources
After the scoping has been enabled and configured then reports and pickers in Arellia will automatically be scoped to show only what the logged in user has access to according to their AMS Application Role.
Enable Resource Scoping on a Resource TypeTo enable Resource Scoping in Arellia, do the following:
- In the Arellia Security Manager, click the Configuration tab.
- In the file library in the left pane, navigate to Settings > Configuration > Resource Settings > Resource Types.
- Select the Resource Type that you want to scope.
Image Added - Then select the Security Scope Set.
Image Added - To use Active Directory scoping, select Active Directory Domains.
Image Added
- Save the Resource Type.
Set the Security on the Scoped Resources- In the Arellia Security Manager, click the Resources Tab.
- In the file library in the left pane, navigate to an Organizational Unit or Group that contains the resources to be scoped.
- Right-click and select Properties.
Image Added - Click the Security tab.
- Select Security descriptor and click the Select... link.
- Click the security descriptor you want to use.
Image Added
- Click Save.
- Repeat these steps for each of the Scoped Resources.
Related Links
Limit User Access to Passwords
Security descriptors