ACLs tab

The left pane of the ACLs tab is a tree of the nodes in your system enterprise.

There are two types of boxes that display to the left of a node name:

  • A white box icon indicates there is no ACL for the node. The users or roles that have permissions to perform operations are those that are included in the ACL for any higher-level nodes containing this node.
  • A yellow box icon indicates there is an ACL for the node, and therefore at least one role or user with permissions.

When a system with advanced security is installed, a user named "administrator" is automatically issued a certificate. This user is added to the ACL for the root's application node. This contains nodes for the various security-related functions.

The right pane shows the ACL information for the selected node. This includes these items:

  • Node name.
  • Names of all the roles and users authorized to access the node.
  • Permissions for each role or user.
  • The Name/Permission table in the right pane indicates that the user or role has permissions shown by the user or role icon.
  • If the user and role have the same name, then the ACLs are shown in different rows. Different icons distinguish between the user/role.

All rights other than run (read, write, insert, and delete) are disabled in the Permission Modification dialog box when the permission is modified on nodes that delegate commands or applications. Examples are the command node under a site node, the hcicmd node under the command node, the application node, and the hciaccess node.

The buttons along the bottom enable you to manage ACL data:

  • Add is where you identify the role or user to be added and select the permissions for that role or user.
  • Modify is where you can change the permissions for the selected role or user. This is the only way to modify permissions; you cannot edit the text boxes within the Roles or Users tab.

When you delete a role, you automatically eliminate the permissions for all of that role's member roles and users. This does not affect any permissions set for them in other roles, or any associated user-level permissions.

clsecurityaudit node

The clsecurityaudit node on the ACLs tab is for security audit permission control.

In None and Basic security mode, there is no permission control for Security Audit.

In Advanced security mode, the clsecurityaudit node on the ACLs tab controls generating, exporting, and viewing the security audit in the Server Administration dialog box.

Additional support includes:

  • read permission of clsecurityaudit is for view control.
  • run permission of clsecurityaudit is for generation and export control.
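
The following added example (not product code) models two rules from this page for use in an access review: a node with no ACL takes its permissions from higher-level nodes, and in Advanced mode read on clsecurityaudit controls viewing while run controls generation and export. The node paths, the principals, the sample ACL data, and the choice to merge every higher-level ACL while letting a node's own ACL stand alone are assumptions.

```python
# Added example with constructed data. Node paths, principals and the
# inheritance details are assumptions, not taken from the product.
AUDIT_NODE = "root/application/clsecurityaudit"  # assumed location in the tree

# Node path -> {(kind, name): permissions}. A path with no entry is a
# "white box" node. Keys carry the kind because a user and a role may share a name.
ACLS = {
    "root/application": {("user", "administrator"): {"read", "run"}},
    AUDIT_NODE: {
        ("role", "auditors"): {"read"},
        ("user", "auditors"): {"read", "run"},
    },
}

# Advanced mode mapping from the page: read = view, run = generation and export.
AUDIT_ACTIONS = {"view": "read", "generate": "run", "export": "run"}


def effective_acl(path, acls):
    """Return (source_nodes, acl) governing `path`."""
    if path in acls:  # yellow box: assume the node's own ACL applies
        return [path], acls[path]
    sources, merged = [], {}
    parts = path.split("/")
    for depth in range(len(parts) - 1, 0, -1):  # nearest higher-level node first
        parent = "/".join(parts[:depth])
        if parent in acls:
            sources.append(parent)
            for principal, perms in acls[parent].items():
                merged.setdefault(principal, set()).update(perms)
    return sources, merged


def audit_allowed(principal, action, mode, acls=ACLS):
    """Check a security audit action for a (kind, name) principal."""
    if mode in ("None", "Basic"):  # no permission control in these modes
        return True
    _, acl = effective_acl(AUDIT_NODE, acls)
    return AUDIT_ACTIONS[action] in acl.get(principal, set())


def principals_for(action, acls=ACLS):
    """List principals that pass the Advanced mode check for `action`."""
    _, acl = effective_acl(AUDIT_NODE, acls)
    return sorted(p for p, perms in acl.items() if AUDIT_ACTIONS[action] in perms)
```

Running `principals_for("export")` against an ACL listing of your own shows who can take audit data out of the system, which is usually a narrower group than those who may view it.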