After you register security contexts, use the Security Resources page to view policies, add and delete security for your resources. To add resources security:
In the ColdFusion Administrator navigation frame, click Security>Security Configuration to see the Advanced Security page, then click Resources. (Note that the Resources button is also available on the Edit Security Context page to make it convenient for you to secure resources while you register contexts.)
A Java plug-in is required
to display the page. If a message appears asking you to verify whether
you want to run the plug-in, click Grant
this Session or Grant always
to proceed.
The Security Resources page appears. It features a Resource Browser
with graphic representations of secured resources in the selected security
context. Buttons at the bottom of the Resource View enable you to view
policies, add and delete resource security, and access security contexts.
|
A safe icon appears next to the name of the security context. |
|
A locked folder icon appears next to a resource type that has been selected for the security context. It indicates that you can protect individual resources of this type. |
If you displayed the Security Resources page from the Advanced Security page, select a security context from the Current Security Context drop-down list. If you accessed the Security Resources page while editing a context, that context is already selected. You can change it using the drop-down list, if necessary.
In the Resource Browser, select a resource type.
Click Add
Resource. The Add Resource page appears. The fields you see depend
on the resource type selected, as outlined in the following table:
Resource Type |
Fields |
Application |
Enter the application name. |
CFML |
Use the drop-down Tag Name list to select the tag for that this rule protects.
Use the Action drop-down list to select the action that this rule governs. |
Collection |
Enter a Collection name.
Then select one of the Access Rights options to govern what can be done with the collection: Delete, Optimize, Purge, Search or Update. |
Component Name |
Enter the name of the component that this rule protects. |
Custom Tag |
Enter the custom tag that this rule protects. |
Data Source |
Enter the data source.
Then select one of the Restrict SQL options to govern what can be done with the data source: All, Connect, Delete, Insert, Select, Update or Execute Stored Procedures. |
File |
Enter the path and filename.
Then select one of the Access Rights options to govern what can be done with the file: Read or Write. |
Function |
Enter the function name. |
UserObject |
Enter the name of the user object.
Enter the action governed by the rule. |
User |
Enter the name of the user governed by the rule. |
Select the resource to protect.
Click Add. The Resource View appears. You can proceed to edit security policies for the resource.
If you displayed the Security Resources page from the Advanced Security page, select a security context from the Current Security Context drop-down list. If you accessed the Security Resources page while editing a context, that context is already selected. You can change it using the drop-down list, if necessary.
In the Resource Browser, select a resource type.
Click Remove Resource to see the Remove Resource page.
Select the resource to delete.
Click Remove. The Resource View displays.