Securelaunch access policy rules – Sony FIU-900 User Manual

Chapter 11: SecureLaunch

SecureSuite XS Workstation Guide

100

SecureLaunch Access Policy Rules

There are several scenarios you may encounter while configuring access policies
for individual users and groups. The following list demonstrates, by way of
examples, the rules associated with the different policies and the level of
importance given to each of them when deciding which policy to associate with
each user and group.

Individual user access policies have the highest priority. For example, suppose
that Sue is a member of the Users group and the Users group policy is set as

Access Denied

. Sue also has a user-specific policy set as

Access with

Authentication

. In this case, Sue will be able to access the application for

which the policy is set upon successful authentication since user-specific access
policies take priority over group policies.

If a user is a member of more than one group and these groups have policies set
in SecureLaunch, then the least restrictive access policy is associated with that
user. For example, suppose that Sue is a member of the Administrators group as
well as the Users group. If the access policy for the Administrators group is set as

Access Allowed

and the Users group as

Access with Authentication

,

then Sue will be able to access the application for which the policy is set without
having to authenticate since the setting

Access Allowed

is less restrictive than

Access with Authentication

.

If a user is only a member of a group for which access policies have not been set,
then the user will automatically be denied access to the application. For example,
suppose that Sue is a member of only the Backup Operators group and there is no
access policy associated with this group. Sue will then be denied access to the
application for which the policy has been set.