ACLs tab
The left pane of the ACLs tab is a tree of the nodes in your system enterprise.
There are two types of boxes that display to the left of a node name:
- A white box icon indicates there is no ACL for the node. The users or roles that have permissions to perform operations are those that are included in the ACL for any higher-level nodes containing this node.
- A yellow box icon indicates there is an ACL for the node, and therefore at least one role or user with permissions.
When a system with advanced security is installed, a user named "administrator" is automatically issued a certificate. This user is added to the ACL for the root's application node. This contains nodes for the various security-related functions.
The right pane shows the ACL information for the selected node. This includes these items:
- Node name.
- Names of all the roles and users authorized to access the node.
- Permissions for each role or user.
- The Name/Permission table in the right pane indicates that the user or role has permissions shown by the user or role icon.
- If the user and role have the same name, then the ACLs are shown in different rows. Different icons distinguish between the user/role.
Except for run, the other rights (read, write, insert, and delete) are
disabled on the Permission Modification dialog box.
This happens when the permission is modified on the nodes that delegate the commands or
applications. For example, the command
node under a site
node, the hcicmd
node under the command
node, the application
node, or the
hciaccess
node.
The buttons along the bottom enable you to manage ACL data:
- is where you identify the role or user to be added and select the permissions for that role or user.
- is where you can change the permissions for the selected role or user. This is the only way to modify permissions; you cannot edit the text boxes within the Roles or Users tab.
When you delete a role, you automatically eliminate the permissions for all of that role's member roles and users. This does not affect any permissions set for them in other roles, or any associated user-level permissions.
clsecurityaudit node
The clsecurityaudit
node on the ACLs
tab is for security audit permission control.
In None and Basic security mode, there is no permission control for Security Audit.
In Advanced security mode, the clsecurityaudit
node on the ACLs tab is for generation,export, and view
security audit control in the Server Administration dialog box.
Additional support includes:
- read permission of
clsecurityaudit
is for view control. - run permission of
clsecurityaudit
is for generation and export control.