Use the Resource Rules for Security Context page to add, edit or delete resource rules for a security context. You add rules to a security context to define specific resources that can be secured. A rule can also specify an attribute of a resource. For example, you can create a rule to limit write access to files in a specific directory.
If a rule is not included in any policy, the resources it governs are fully protected (i.e. no user has access to them) within the rule's security context.
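The following added example (not ColdFusion code and not part of the original documentation) is a simplified model of the behavior described above: a rule that belongs to no policy locks every user out of the resources it governs. The rule, policy and user names are constructed, and the example assumes that a policy pairs rules with the users it grants them to and that a File rule on a directory covers the files beneath it.

```python
from dataclasses import dataclass
from pathlib import PurePosixPath


@dataclass(frozen=True)
class Rule:
    name: str
    rtype: str     # resource type, e.g. "File" or "Data Source"
    resource: str  # path, data source name, ...
    action: str    # attribute the rule governs, e.g. "Write" or "Select"

    def governs(self, rtype, resource, action):
        if (rtype, action) != (self.rtype, self.action):
            return False
        if rtype == "File":
            # Assumption: a rule on a directory covers the files beneath it.
            base, path = PurePosixPath(self.resource), PurePosixPath(resource)
            return path == base or base in path.parents
        return resource == self.resource


# Constructed sample data; all names are hypothetical.
RULES = [
    Rule("ReportsWrite", "File", "/web/reports", "Write"),
    Rule("HRSelect", "Data Source", "hr_db", "Select"),
    Rule("HRDelete", "Data Source", "hr_db", "Delete"),  # in no policy
]
# Assumption: a policy maps a set of rule names to the users granted them.
POLICIES = {
    "ReportEditors": {"rules": {"ReportsWrite"}, "users": {"alice"}},
    "HRReaders": {"rules": {"HRSelect"}, "users": {"alice", "bob"}},
}


def orphaned_rules(rules=RULES, policies=POLICIES):
    """Rules in no policy: the resources they govern are closed to everyone."""
    used = set().union(*(p["rules"] for p in policies.values()))
    return [r.name for r in rules if r.name not in used]


def check(user, rtype, resource, action, rules=RULES, policies=POLICIES):
    """Return 'allow', 'deny', or 'ungoverned' when no rule covers the request."""
    matching = [r for r in rules if r.governs(rtype, resource, action)]
    if not matching:
        return "ungoverned"
    for policy in policies.values():
        if user in policy["users"] and any(r.name in policy["rules"] for r in matching):
            return "allow"
    return "deny"  # governed by a rule, but no policy grants it to this user
```

Running `orphaned_rules()` after creating rules shows which ones still need to be placed in a policy before any user can reach the resources they protect.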
To add a resource rule for a Security Context:
In the ColdFusion Administrator navigation frame, click Security > Security Configuration to see the Advanced Security page, then click Security Contexts. The Register Security Contexts page appears.
Click the name of the context for which you want to manage rules. The Edit Security Context page appears.
Click Rules. The Resource Rules for Security Context page appears.
In the Rule Name text box, enter a name for the rule. It should be easy to remember and to associate with the resource it protects.
Use the Resource Type drop-down list to select the resource that the new rule protects. Available resources are those selected during the creation of the context. However, if you chose to protect all resources, then None Available appears in this list.
Click Add. The New Resource Rule of Type page appears.
In the Description text box, enter a description of the rule that will help you identify its purpose in future work with the security context.
The next fields you see depend on the resource type for the rule. Complete the fields as outlined in the next table:
| Resource type | Fields |
| --- | --- |
| Application | Enter the application name. |
| CFML | From the drop-down Tag Name list, select the tag that this rule protects. Use the Action drop-down list to select the action that this rule governs. |
| Collection | Enter a Collection name. Then select one of the Access Rights options to govern what can be done with the collection: Delete, Optimize, Purge, Search or Update. |
| Component Name | Enter the name of the component that this rule protects. |
| Custom Tag | Enter the custom tag that this rule protects. |
| Data Source | Enter the data source. Then select one of the Restrict SQL options to govern what can be done with the data source: All, Connect, Delete, Insert, Select, Update or Execute Stored Procedures. |
| File | Enter the path and filename. Then select one of the Access Rights options to govern what can be done with the file: Read or Write. |
| Function | Enter the function name. |
| UserObject | Enter the name of the user object. Enter the action governed by the rule. |
| User | Enter the name of the user governed by the rule. |
Click Add to save the rule. It appears in the table underneath the Rule Name field.
To edit or delete resource rules for a security context:
Access the Resource Rules for Security Context page.
To edit a rule:
a. Click the name of the rule you want to modify. The Edit Resource Rule of Type page appears.
b. Edit the fields as necessary. For help, see the table above. Note that you cannot change the resource type of a rule. If you no longer require a rule for a resource type, delete it and then create a new rule for the desired resource type.
c. Click Apply. The Resource Rules for Security Context page appears with the modified rule listed in the table.
To delete a rule:
a. Click the name of the rule you want to delete. The Edit Resource Rule of Type page appears.
b. Click Delete. The Resource Rules for Security Context page appears; the deleted rule no longer appears in the table.