|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Creating Rules and Policies
|
|
|
|
Within a security context, you establish rules that protect specific resources. For example, you might create a rule to limit write access to files at a specific pathname. A rule determines what action can be performed on a resource.
Once you've defined access rules, you define a security policy that matches rules to users and groups. You grant access to a protected resource by adding both rules and users to a policy. The users and user groups you add to a policy (you can think of them as policy holders) are authorized to use the resources protected by the security context rules, which are assigned to the policy.
In other words, a rule is a key to a door that guards access to a resource. When you create a rule, it means the key needed to open the door to this resource is available. Who will get this key is decided when you create a policy that includes this rule.
|
|
|
|
To establish rules about access to resources:
|
|
|
- From the Advanced Server Security page, click Security Contexts.
- On the Registered Security Contexts page, select an existing security context. The Edit Security Context page appears.
- Click the Rules button.
- In the Resource Rules page for the current context, provide a rule name.
Rule names are user-defined logical names. Make the rule name easy to
remember and to associate with the resource it protects. For example, if you're
writing a rule to protect CFQUERY tag, you might name the rule CFQUERY. If
you're writing a rule to protect all access to a particular data source, you might
name it DatasourceName_All.
- In the Resource Type drop-down menu, select a resource type that you want to protect. Click Add.
- In the New Resource Rule window, describe how the rule works and click Add.
|
|
|
|
Note
|
|
|
In the Resource Rules page, you might also create additional rules for this security context -- for example, to restrict updating of data sources.
|
|
|
|
To create policies that match rules with user groups:
|
|
|
- From the Advanced Server Security page of the Administrator, click the Security Contexts button.
- On the Registered Security Contexts page, click on a security context.
- In the Edit Security Context page, click the Policies button.
- Provide a policy name and click Add.
For example, you could create a top-level security policy, called Platinum, to grant
to certain users broad access to protected resources.
- Write a description of the policy and click Add.
The Resource Policies window appears showing the available Policies for the
current Security Context. Now you can assign a policy to various rules and users.
|
|
|
  
|
|
|
AllaireDoc@allaire.com
Copyright © 1998, Allaire Corporation. All rights reserved.
|
|