Each security domain contains a set of controlling assets that control access to the other security objects in the domain. Controlling assets check users’ permissions when they try to perform an action on an object. For example, if John tries to update the properties of organization O, the organization controlling asset checks whether any of the roles granted to John have permission to update O; if so, John is permitted to update O, otherwise, John is not permitted to update O. Table 5-3 lists the controlling assets; domain represents the name of the domain.
Controlling asset |
Controls access to |
|---|---|
SYBDOMAIN_domain_AccessAssetTypeCtrlAsset |
AccessTypes and AssetTypes |
SYBDOMAIN_domain_AssetCtrlAsset |
Assets |
SYBDOMAIN_domain_DomainCtrlAsset |
The domain |
SYBDOMAIN_domain_GroupCtrlAsset |
Groups |
SYBDOMAIN_domain_OrgCtrlAsset |
Organizations |
SYBDOMAIN_domain_RoleCtrlAsset |
Roles |
SYBDOMAIN_domain_SubjectCtrlAsset |
Users |
Table 5-4 describes the permissions you must have to manage the controlling assets.
Action |
Permissions required |
|---|---|
List the controlling assets in a domain. |
LIST on the domain controlling asset. |
View the properties of a controlling asset. |
READ on the controlling asset. |
Update the properties of, or the permission to access, a controlling asset. |
UPDATE on the controlling asset. |
Editing controlling assets in a domain
To edit the name, DN, asset type, or description of a controlling asset:
In the Domain Manager tree view, expand the domain, and highlight Assets.
In the right pane, highlight the controlling asset, right-click, and select Edit Asset.
In the Edit Asset dialog box, modify the values you want to change, and click OK.
Managing permissions to
access controlling assets
To define which roles have permission to access the controlling assets:
In the Domain Manager tree view, expand the domain, and highlight Assets.
In the right pane, highlight the controlling asset, right-click, and select Manage Access Permission.
In the left list, select the organization. In the adjacent list, select the role. The Available Permissions list box displays the permissions available for this controlling asset. The Assigned Permissions list displays the permissions assigned to the selected role.
To assign permissions to this role, highlight a permission in the Available Permissions list, and click Add. The permission displays in the Assigned Permissions list.
To assign all the available permissions to this role, click Add All.
All of this role’s assigned permissions to access this controlling asset display in the Access Permissions Granted on the Asset list, at the bottom of the window.
To assign permissions to access this controlling asset to other roles, repeat steps 3 and 4.
To remove permissions, highlight the permission you want to remove in the Assigned Permissions list, and click Remove.
To remove all this role’s permissions for this controlling asset, click Remove All.
For each role from which you want to remove access permissions, repeat steps 3 and 5.
