Chapter 7: Using the SafeWord 2008 Management Console
Access control concepts overview
110
Figure 63:
Role to login
ACL relationship
Though not a required user attribute, roles are valuable because they offer a
quick means of applying or modifying uniform sets of access permissions to
large numbers of users.
Mmgt_staff
L_Neiger
R_Cordrey
H_Parsons
M_West
ID
Subj / Restrict
1
2
3
Subj=Role: Management
Company
Login ACL
L_Barry
J_May
J_Gilbert
F_Flores
M_Gilbert
J_McAbee
K_Allison
P_Wren
H_Parsons
R_Fowler
Subj=Role: Administrative
Restrict: Unrestricted
Restrict: M-F 0700-1800
Subj=IP: 192.168.XX.XX
Restrict: day/time
Subj=IP: 192.168.XX.XX
Restrict: Auth Strength 12
Subj=Role: IT_staff
Restrict: Unrestricted
4
10
Mmgt_staff
Admin_staff
Weekend_day
Weekend_swing
IT_staff
Sales_server
HR_server
Application_server
Individuals
or groups of
users...
can have
multiple
roles...
that point to
a login ACL...
containing entries
that can map access
restrictions to
individual roles.