Modify Access to Resources

NEW!

This feature is new in Arellia v8.1.

You must have Full Access rights to modify or clone a security descriptor; Arellia Management Server (AMS) Administrators members have Full Access rights. If you are not a member of the AMS Administrators role, then contact a member of that group to apply these changes. 

The Resources that a user has access to can be restricted to a limited scope. This is often referred to as Resource Scoping. In the Arellia Management Server this is typically accomplished by scoping the resources that a user has access to by using Active Directory organizational units or groups. There are 2 steps to enable resource scoping:

  1. Enable Resource Scoping on a Resource Type
  2. Set the Security on the Scoped Resources

After the scoping has been enabled and configured then reports and pickers in Arellia will automatically be scoped to show only what the logged in user has access to according to their AMS Application Role. 

Enable Resource Scoping on a Resource Type

To enable Resource Scoping in Arellia, do the following:

  1. In the Arellia Security Manager, click the Configuration tab.
  2. In the file library in the left pane, navigate to Settings > Configuration > Resource Settings > Resource Types.
  3. Select the Resource Type that you want to scope.
  4. Then select the Security Scope Set. 
  5. To use Active Directory scoping, select Active Directory Domains.



  6. Save the Resource Type.

Set the Security on the Scoped Resources

  1. In the Arellia Security Manager, click the Resources Tab. 
  2. In the file library in the left pane, navigate to an Organizational Unit or Group that contains the resources to be scoped.
  3. Right-click and select Properties.
  4. Click the Security tab.
  5. Select Security descriptor and click the Select... link.
  6. Click the security descriptor you want to use.



  7. Click Save.
  8. Repeat these steps for each of the Scoped Resources.

Limit User Access to Passwords

Security descriptors