Chapter 7: Using the SafeWord 2008 Management Console
Creating roles
Before creating roles, you must have at least one login ACL created, as each
role must point to a login ACL. Additionally, a role can only point to one login
ACL. As you create each role, you point it to the ACL that provides the security
policy definition for it, specifically, the ACL that contains an entry with that role
as its subject.
If you have not created a login ACL, refer to “Creating login ACLs” on page
121. When you have created a login ACL, you are ready to start creating roles
to assign to your users.
While not required, roles can be very powerful tools to help manage user
access needs. A role is a tag that identifies a user’s access privileges. Roles
are generally associated with login ACLs. In SafeWord, a role is only a label,
and is generally meaningless without a supporting login ACL.
Tip: When naming your roles, it is helpful to use a naming convention that
describes what the role does, or who the role affects. For example, role names
such as “Executive_role”, “HR_role”, “Weekday_dayshift_role”, or
“No_weekend_role” offer visual clues about the function of those roles. Note,
however, that this convention only works if the access rules that you define in the
associated login ACL provide relevant security policy definitions for that role. For
example, a role called “nightshift” should point to an ACL that defines an access
rule that maps the “nightshift” role to the blocks of time within the work week that
comprise the nightshift within your organization.
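The role-to-ACL relationship described above can be checked mechanically. The following Python sketch is an added illustration, not SafeWord code or its data format: the dictionary layout, function names, and time blocks are assumptions, and the model denies a login when no matching ACL entry exists. It flags roles that are only labels (no ACL, or no entry with the role as subject) and evaluates a “nightshift” time block that crosses midnight.

```python
from datetime import datetime, time

WEEKDAYS = {0, 1, 2, 3, 4}  # Monday..Friday, as returned by datetime.weekday()

# Constructed sample data in a plain-Python layout (an assumption, not SafeWord's format).
# Each login ACL is a list of entries; an entry's subject is a role name.
ACLS = {
    "shift_acl": [{"subject": "nightshift", "days": WEEKDAYS,
                   "start": time(22, 0), "end": time(6, 0)}],
    "office_acl": [{"subject": "HR_role", "days": WEEKDAYS,
                    "start": time(8, 0), "end": time(18, 0)}],
}
# Each role points to exactly one login ACL, by name.
ROLES = {
    "nightshift": "shift_acl",
    "HR_role": "office_acl",
    "Executive_role": "office_acl",    # ACL exists but has no entry for this role
    "No_weekend_role": "weekday_acl",  # points to an ACL that was never created
}

def audit_roles(roles, acls):
    """Return {role: problem} for roles that are labels with no policy behind them."""
    problems = {}
    for role, acl_name in roles.items():
        if acl_name not in acls:
            problems[role] = "login ACL does not exist"
        elif not any(e["subject"] == role for e in acls[acl_name]):
            problems[role] = "login ACL has no entry with this role as subject"
    return problems

def in_window(entry, when):
    """True if `when` is inside the entry's time block, including overnight blocks."""
    t, day = when.time(), when.weekday()
    if entry["start"] <= entry["end"]:
        return day in entry["days"] and entry["start"] <= t < entry["end"]
    if t >= entry["start"]:  # evening part of an overnight block
        return day in entry["days"]
    # Morning part belongs to the block that started the previous day.
    return t < entry["end"] and (day - 1) % 7 in entry["days"]

def login_allowed(role, when, roles=ROLES, acls=ACLS):
    """Model assumption: deny unless the role's ACL has a matching entry in its window."""
    entries = acls.get(roles.get(role), [])
    return any(e["subject"] == role and in_window(e, when) for e in entries)

if __name__ == "__main__":
    print(audit_roles(ROLES, ACLS))
    print(login_allowed("nightshift", datetime(2024, 1, 5, 23, 30)))  # Friday night
```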
Create a role
To create a role, from the SafeWord 2008 Management Console, select an Admin Group into which the roles will be placed. Generally, roles are placed in a global group that will be accessible to all administrators. If you want to restrict accessibility, select a non-global admin group.
Select Insert > Role to display the Create a New Role window.
Figure 72: Create a new role (General tab)