1.8 Access to Resources

eDirectory provides a basic level of network access security through default rights. You can provide additional access control by completing the tasks outlined below.

  • Assigning rights

    Each time a user attempts to access a network resource, the system calculates the user’s effective rights to that resource. To ensure that users have the appropriate effective rights to resources, you can make explicit trustee assignments, grant security equivalences, and filter inherited rights.

    To simplify the assignment of rights, you can create Group and Organizational Role objects, then assign users to the groups and roles.

  • Adding login security

    Login security is not provided by default. You can set up several optional login security measures, including login passwords, login location and time restrictions, limits on concurrent login sessions, intruder detection, and login disabling.

  • Setting up role-based administration

    You can set up administrators for specific object properties and grant them rights to only those properties. This allows you to create administrators with specific responsibilities that can be inherited by subordinates of any given container object. A role-based administrator can have responsibilities over any specific properties, such as those that relate to employee information or passwords.

    See Installing RBS in the NetIQ iManager 2.7 Administration Guide for instructions on setting up Role-Based Services.

    You can also define roles in terms of the specific tasks that administrators can perform in role-based administration applications. See Section 3.3, Configuring Role-Based Services for more information.
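
To illustrate how the three mechanisms named under "Assigning rights" (explicit trustee assignments, security equivalences, and inherited rights filters) combine into effective rights, here is an added example that is not part of the original guide and is not eDirectory code. It is a simplified model that assumes an explicit assignment replaces what the same trustee inherited, that rights from different equivalences are additive, and that Supervisor implies every right; all object names are constructed.

```python
# Simplified model of effective-rights calculation (an assumption for
# illustration, not eDirectory's implementation). All names are constructed.
ALL = set("BCDRS")  # Browse, Create, Delete, Rename, Supervisor entry rights

def effective_rights(path, acls, irfs, identities):
    """Return the rights the identities hold on the last object in path.

    path:       objects from the top of the tree down to the target
    acls:       {object: {trustee: rights}} explicit trustee assignments
    irfs:       {object: rights that object allows to be inherited}
    identities: the user plus everything it is security equivalent to
    """
    total = set()
    for ident in identities:
        rights = set()
        for obj in path:
            # Inherited rights filter: only listed rights flow down to obj.
            rights &= set(irfs.get(obj, ALL))
            # An explicit assignment at obj replaces what this trustee inherited.
            if ident in acls.get(obj, {}):
                rights = set(acls[obj][ident])
        total |= rights  # rights from different identities are additive
    return ALL.copy() if "S" in total else total

PATH = ["O=Acme", "OU=Sales", "CN=Printer1"]
ACLS = {
    "O=Acme": {"CN=Staff.O=Acme": "BCDR"},            # group assignment
    "OU=Sales": {"CN=djones.OU=Sales.O=Acme": "B"},   # user assignment
}
IRFS = {"OU=Sales": "BR"}  # Sales lets only Browse and Rename flow down

def demo():
    user, group = "CN=djones.OU=Sales.O=Acme", "CN=Staff.O=Acme"
    alone = effective_rights(PATH, ACLS, IRFS, [user])
    with_group = effective_rights(PATH, ACLS, IRFS, [user, group])
    unfiltered = effective_rights(PATH, ACLS, {}, [user, group])
    return alone, with_group, unfiltered

if __name__ == "__main__":
    for label, r in zip(("user only", "with group", "no IRF"), demo()):
        print(f"{label:11} {''.join(sorted(r))}")
```

The third result shows why group membership and other security equivalences need to be reviewed together with filters: with the filter removed, the group's broader assignment reaches the printer object.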