4 4 3 Grolar:Using Access Control Lists

From SEPsesam
Revision as of 12:42, 6 April 2020 by Sta (talk | contribs) (Minor Beefalo V2-related update.)
Other languages:

Template:Copyright SEP AG en

Docs latest icon.png Welcome to the latest SEP sesam documentation version 4.4.3 Grolar/4.4.3 Beefalo V2. For previous documentation version(s), check documentation archive.


Overview

An access control list (ACL) is a list of permissions attached to an object (e.g., client, location, backup, etc.). Use of ACL specifies the conditions for a particular user or group to do an operation on a specific object (e.g., client, location, backup, etc.). As of SEP sesam version 4.4.3 Grolar, you can configure ACLs for locations and clients, if you have the admin rights.

Note that before you configure ACLs, you have to activate authentication, configure the users and specify their access rights. For details, see Configuring Database-Based Authentication.

Configuring permissions (ACLs) for locations and clients

You can configure ACLs for a location (group of clients) or a specific client in the properties of the existing locations and clients. If you want to set up ACLs for a new location/client, you have to configure it first and then you can add the relevant permissions in their properties. For details on how to configure new locations and clients, see Configuring Location and Configuring Clients.

  1. From Main selection -> Components -> Topology, select the relevant location or a client (under the location) and double-click it (or click the Properties button). The Location/Client properties window appears.
  2. Switch to the Permissions tab. Select the relevant user or group. You can also add a new user/group by clicking Add and selecting a relevant user/group from the drop-down list.
    Click OK to add a new user/group.
  3. Authentication add user Beefalo V2.jpg
  4. Under Permissions panel, enable or disable access (to location/client) per user/group by clicking the Allow or Deny checkbox.
  5. Information sign.png Note
    • By default, members of the ADMIN and OPERATOR groups have full access to all locations and clients. The RESTORE group has restricted access to all locations and clients.
    • ACLs can be set for the OPERATOR and RESTORE group. To ensure that your administrator(s) always have full access to all functionality, the following applies:
      • If database-based authentication is enabled, you cannot set ACL for the user Administrator (the user Administrator has access to all features).
      • In case of policy-based authentication, ACLs cannot be set for members of the ADMIN group (the ADMIN group has access to all features).
  6. Click OK to set up ACLs for a location/client.
  7. Authentication permissions Beefalo V2.jpg

When the administrator defines ACLs, the list of ACL entries is saved in the SEP sesam database and take effect immediately. This means that the new authorization settings (stored ACLs) are used for all further queries for the objects.