4.4 Assigning Security Labels to Network Resources

With NMAS, you can assign a security label to NetWare volumes and to any eDirectory attribute. Users who log in to the network can access only those areas, based upon their clearance and the resource's label.

For example, if you label a volume as Biometric & Token, an NMAS user must be assigned the Biometric & Token clearance and authenticate to the network using a Biometric & Token clearance in order to access the volume.

Authorized and default clearances can be assigned to a user, a container, a partition root, or the login policy object. NMAS searches for the authorized or default authorized and default clearances for a user by attempting to read the attributes from the User object first, then the container of the user object, then the partition root of the user object, and finally the login policy object.

The clearances assigned to the User object supersede any clearances assigned to the container, partition root, or login policy object. If a clearance has been assigned to a partition root, that clearance applies to all the users under that partition root only if a clearance has not already been individually assigned to specific users.

Also, a clearance assigned to a container applies only to the users with unassigned clearances in that container, and not to the users in subcontainers of that container.

IMPORTANT:Labels assigned to traditional NetWare volumes (non-NSS volumes) are not effective until the volume is dismounted and mounted again.

To use ConsoleOne to assign a security clearance to a volume:

  1. In ConsoleOne, right-click a volume.

  2. Click Properties > click the Security tab.

  3. Select a security label from the Security Label drop-down list.

  4. Click OK to finish.

  5. (Conditional) If you are using traditional NetWare volumes (non-NSS volumes), dismount and mount the volume again for the labels to take effect.

To use iManager to assign a security clearance to a volume:

  1. In iManager, click Directory Administration > Modify Object.

  2. Browse for and select a volume, then click OK.

  3. Click the Security tab.

  4. Select a security label from the Security Label drop-down list.

  5. Click OK or Apply.

  6. (Conditional) If you are using traditional NetWare volumes (non-NSS volumes), dismount and mount the volume again for the labels to take effect.

To use ConsoleOne to assign a security clearance to eDirectory attributes:

  1. In ConsoleOne, click the Security Container, then double-click the Security Policy object, then click Directory Attribute Labels.

  2. Click the label next to the directory attribute.

  3. Click the down-arrow, then select a new label from the drop-down list.

  4. After making all necessary changes, click Apply or OK to save the changes.

To use ConsoleOne to assign a security clearance to eDirectory attributes:

  1. In iManager, click Directory Administration > Modify Object.

  2. Browse for and select the Security container, select Security Policy, then click OK.

  3. Click the Directory Attribute Labels tab.

  4. Click the label next to the directory attribute.

  5. Click the down-arrow, then select a new label from the drop-down list.

  6. After making all necessary changes, click OK or Apply to save the changes.