User Security

User Security

In User security you can give selected users access to the Policy Patrol Administration console and grant them certain permissions within the Administrations console. Policy Patrol user security is implemented at three levels; user access rights, component rights and folder rights.

User Access

Rights When a user connects to a Policy Patrol server, they will be asked for log on credentials. The user can log on with the current credentials or specify another user name and password. Policy Patrol will then check these credentials to see if the user is permitted to access the Policy Patrol Administration console.

By default only the members of the Administrator group are allowed to connect to Policy Patrol installations. To define which users have access rights, follow the next steps:

1. Select <server name>, expand Security and click on User security.

2. To add a user with access rights to Policy Patrol, click on Add. Select the users you wish to add and click OK. To remove a user from the list, select the user and click Remove.

3. To give the user Administrator rights, select the user and tick the check box Administrator rights. The user icon will now include a small lock to indicate that it has administrative rights. Policy Patrol Administrators have full access to all components and folders and cannot be denied any permissions. You must make at least one user an Administrator so that this user will always be able to access all options in Policy Patrol.
 Note
If you wish to grant a user from another domain access rights, you can right-click in the Security list and select Add other. This will allow you to specify a user by entering the user name in DOMAIN\Username format.

Component Rights

Now that you have set the access rights to the Administration console, you can specify which Policy Patrol components (i.e. tree nodes) each user has access to. By default, each user has access to all components. To change the access rights for a certain component, follow the next steps: 

1. Right-click the component (for instance Email Content Policies) and choose Component properties…

2. Go to the Security tab. By default the (Everyone) group has full access to the component. To change permissions, select the group and change the Allow/Deny permissions. The following rights can be applied:

Right : Description

View : View items

Create : Create new items

Edit  : Edit existing items

Delete : Delete items

Folder owner : Change folder permissions

If you only wish certain users to have rights to the component, click on Add and select the user(s) with the permissions. Select Allow or Deny for the relevant rights. Then select Everyone and click Deny for all rights.

If you wish all users to have access to the component apart from a couple of exceptions, click on Add and select the users to be denied access. Select the user(s) and tick the Deny check boxes.

A Folder owner has the right to change the component permissions for the component. Therefore, if you wish to deny permissions for a user, you must also select Deny for the Folder owner right.

Remember that each component needs to have at least one Folder owner and that Administrators cannot be denied any permissions.

When you have finished editing permissions, click OK.

Folder Rights

Policy Patrol makes use of folders for structuring purposes and to provide the possibility of controlling user access and rights to different folders. Policy Patrol includes a number of sample folders but you can also create your own folders.

To create a new folder, right-click the component and choose New folder… If you wish to create a subfolder, you must right-click on the parent folder and choose the option New folder… By default all users are given full rights to all folders. To change the permissions for a folder, follow the next steps:

1. Right-click the folder and select Folder properties….

2. Go to the Security tab. By default the (Everyone) group has full access to the folder. To change permissions, select the group and change the Allow/Deny permissions. The following rights can be applied:

Right : Description

View : View items

Create : Create new items

Edit  : Edit existing items

Delete : Delete items

Folder owner : Change folder permissions

If you only wish certain users to have rights to the folder, click on Add and select the user(s) with the permissions. Select Allow or Deny for the relevant rights. Then select Everyone and click Deny for all rights.

If you wish all users to have access to the folder apart from a couple of exceptions, click on Add and select the users to be denied access. Select the user(s) and tick the Deny check boxes.

A Folder owner has the right to change the folder permissions for the folder. Therefore, if you wish to deny permissions for a user, you must also select Deny for the Folder owner right.

Remember that each folder needs to have at least one Folder owner and that Administrators cannot be denied any permissions.

Inheritance of Folder Rights

If you create a subfolder, the subfolder will inherit the permissions of the top folder. If you edit the rights for a folder that contains subfolders, the same changes will be applied to the subfolders.
 Note
Policy Patrol Administrators have full rights to all components and folders and cannot be denied any permissions. If you wish to block access for a user with Administrator rights, you must first remove the Administrator rights for the user in <server name> > Security > User security.

 

 

Properties

Last Review: 2017-03-29 16:12:30 UTC

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request

0 Comments

Please sign in to leave a comment.