Controlling Login for Configuration Management Users
The predefined Login permission allows a user login access to configuration management functionality. By default, the Login permission is allowed for all users.
By clearing the Login permission, you prevent users from accessing configuration management functionality. This permission is set through the mks:si ACL. To revise the mks:si ACL Login permission, you follow a procedure similar to revising the Login permission for the mks:aa ACL.
To revise the mks:si Login permission using the Integrity Lifecycle Manager administration client
1. From the Integrity Lifecycle Manager administration client, open the Integrity view, click to expand the Permissions section, and then highlight Global. The display pane shows the global permission information for the mks:si ACL.
2. The default ACL entry for mks:si is a group named everyone. Remember, ACL entries consist of principals and permissions. In this case, the assigned permission is Login.
|
In the default condition, the Login permission is allowed for the everyone group.
|
You should first add a new ACL entry that gives you, or your group, full login access to configuration management functionality. To add a new ACL entry, highlight the Globalmks:si ACL, and right click to choose New from the shortcut menu. The Select ACL Entries to Add dialog box displays.
3. From the Principal list, select the group or user you want to add the new ACL entry for. For example, you could choose an SI_User group provided that group exists on your system. For information on filtering data and selecting items in the Select ACL Entries to Add dialog box, see the Filtering Data topic in the Getting Started documentation.
4. In the Permissions area, change the mks:si Login permission by clicking the indicator box and toggling through the condition indicators until the box displays a green plus sign indicating the allowed condition.
|
Once you add a principal, you can edit the associated permissions at any time by selecting the required option from the ACL menu or by right clicking and choosing the required option from the shortcut menu. Menu options include Allow Permission, Deny Permission, and Clear Permission.
|
5. Click OK to return to the main Integrity Lifecycle Manager administration client interface. The display pane shows the new ACL entry for the selected principal and the Login permission is enabled for that principal.
|
When setting mks:si ACL permissions for the everyone group, be careful that you only clear the Login permission.
Do not deny the Login permission to the everyone group—this effectively denies login permission to all users, including any administrator included in that group. Users who are denied login access cannot log in.
|
6. To clear the Login permission for the everyone group, highlight everyone, and then select > . The Change Permissions dialog box displays.
|
You can also click to expand the everyone section, highlight the Login permission, and then right click to choose Clear Permission from the shortcut menu.
|
7. To change the mks:si Login permission for the everyone group, click the indicator box and toggle through the condition indicators until the box is blank indicating the cleared condition.
8. To accept the changes, click OK. The Login permission is cleared for the everyone group and explicitly allowed only for the selected principal, for example, the SI_User group.