Chapter 8: creating policies, Controlling user access with policies, Policy terminology – Raritan Engineering Command Center CC-SG User Manual
Page 123
C
HAPTER
8:
C
REATING
P
OLICIES
107
Chapter 8: Creating Policies
Controlling User Access with Policies
Using policies to control user access to ports is entirely optional. You could decide to assign all
users to the default System Administrators user group, which grants full access to all
configuration tasks, devices, ports, target systems and servers.
If you do want to control user access to target servers, you need to create user groups and apply
policies to them. If you used the Association Wizard, policies were automatically created for you.
First you create user groups and then you apply the default policies to the user groups. At that
point, you may want to add individual users to the user group so they are governed by the policies.
In summary: Create User Group>Apply Existing Policy to User Group>Add Users
If you did not use the Association Wizard, you need to do the following: First you create user
groups, then port groups, then policies, and lastly you apply the policies to the user groups. At
that point, you can add individual users to the user group so they are governed by the policies.
This method allows you to choose a policy you created as opposed to using the default policy
created in the Association Wizard.
In summary: Create User Group>Create Port Group>Create Policy>Apply Policy to User
Group>Add Users
Policy Terminology
You should read the following definitions to understand how they relate to policies:
• Policies—define the permissions, type of access, and to which ports and/or devices a user
group has access to. Policies are applied to a user group and have several control parameters
to determine the level of control, such as date and time of access.
• Port Groups—define ports that are accessible to a user. Port groups are used when creating a
policy to control access to the ports in the group.
• User Groups—are a set of users that share the same level of access and privileges. For
example, the default user group System Administrators has full access to all configuration
tasks and target hosts and servers. All other user groups have restricted CC-SG access and
should typically be employed for users who need port access only to a particular set of
devices or target servers and systems.