Define a TACL

Use the Access Control tab page to define a Timed Access Control List (TACL). Examples are provided at the end of the following procedure.

To define a TACL

  1. Select Enabled from the State drop-down list. (The default is Disabled.)

    Time-based access control is enabled.

  2. Specify a name for the TACL in the Name field.
  3. Select a time range from the Time Range drop-down list to be associated with this TACL.
  4. Select an access type from the Access Type drop-down list. Valid values are as follows: allow and deny.

    Default: allow

  5. In the Events field, select the applicable check boxes for those operations or events to which this TACL will be applied.

    Valid options include the following: Authenticated Connection, Server Registration, Router Registration, Master Router Registration, Server Client Registration, Manager Client Registration, Agent Connect, Agent Connect to Router, and Name Lookup.

    Note: For more information about ENC events, see the "Extended Network Connectivity (ENC) Gateway" chapter in the Implementation Guide.

  6. Specify values for the following policies in the Security Principal group box:

    Match Type

    Select the type of security principal in the Timed Access Control Entry (TACE). Valid values are as follows: Exact Match, Pattern Match, and Realm.

    Default: Pattern Match

    Realm

    If Realm is selected in the Match Type field, select the realm associated with the specified security principal.

    URI

    If Pattern Match or Exact Match is specified in the Match Type field, specify the source URI. This field is not case sensitive.

  7. Specify the values for the following policies in the Secured Object group box:

    Match Type

    Select the type of object being secured. Valid values are as follows: Exact Match, Pattern Match, and Realm.

    Default: Pattern Match

    Realm

    If Realm is selected in the Match Type field, select the realm associated with the specified secured object.

    URI

    If Pattern Match or Exact Match is specified in the Match Type field, specify the target URI. This field is not case sensitive.

  8. Click Add.

    The TACL is added to the Access Control table.

  9. (Optional) Select a TACL in the Access Control table and click Remove to remove it from the list.
  10. (Optional) Click Local to set the access control configuration policies to Locally Managed.
  11. (Optional) Click Default to reset the access control configuration policies to the original default values.
  12. Click Check to perform immediate validation of the data entered without committing the data.
  13. If cross-field or cross-table validation is successful, click Apply.
  14. Click the IP Addresses tab.

Examples

| Access Type | Events | Security Principal URI or Realm | Security Principal Match Type | Secured Object URI or Realm | Secured Object Match Type | Description |
| --- | --- | --- | --- | --- | --- | --- |
| allow | Authenticated Connection | Comp09 | Exact Match | Comp08 | Exact Match | Allow comp09 to connect to comp08. |
| deny | Authenticated Connection | Hua0[123] | Pattern Match | Comp09 | Exact Match | Deny Hua01, Hua02, and Hua03 connection to comp09. |
| deny | AgentConnect, ManagerNameLookup | sunrealm | Realm | myrealm | Realm | Deny any node in sunrealm to access myrealm. |
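
The three example entries above can be dry-run before clicking Apply to see which principals a pattern or realm entry actually covers. The following Python sketch is an added example, not product code. It assumes that Pattern Match uses glob-style syntax (as Hua0[123] suggests) and uses a constructed realm membership table. It does not model the time range, and it does not model how the product resolves entries that conflict.

```python
import fnmatch
from dataclasses import dataclass

# Constructed realm membership; real realms are defined in the product.
REALMS = {"sunrealm": {"sun01", "sun02"}, "myrealm": {"comp08", "comp09"}}

@dataclass(frozen=True)
class Side:
    match_type: str  # "Exact Match", "Pattern Match" or "Realm"
    value: str       # URI, pattern or realm name

    def matches(self, uri: str) -> bool:
        uri = uri.lower()  # the URI fields are not case sensitive
        if self.match_type == "Exact Match":
            return uri == self.value.lower()
        if self.match_type == "Pattern Match":
            # Assumption: glob-style syntax, as Hua0[123] suggests.
            return fnmatch.fnmatchcase(uri, self.value.lower())
        if self.match_type == "Realm":
            return uri in REALMS.get(self.value.lower(), set())
        raise ValueError(f"unknown match type: {self.match_type}")

@dataclass(frozen=True)
class Tace:
    access: str        # "allow" or "deny"
    events: frozenset  # events the entry applies to
    principal: Side
    target: Side

# The three rows of the Examples table.
EXAMPLES = [
    Tace("allow", frozenset({"Authenticated Connection"}),
         Side("Exact Match", "Comp09"), Side("Exact Match", "Comp08")),
    Tace("deny", frozenset({"Authenticated Connection"}),
         Side("Pattern Match", "Hua0[123]"), Side("Exact Match", "Comp09")),
    Tace("deny", frozenset({"AgentConnect", "ManagerNameLookup"}),
         Side("Realm", "sunrealm"), Side("Realm", "myrealm")),
]

def matching(taces, event, principal, target):
    """Access types of every entry that matches; [] means no entry applies."""
    return [t.access for t in taces
            if event in t.events
            and t.principal.matches(principal)
            and t.target.matches(target)]

if __name__ == "__main__":
    for probe in [("Authenticated Connection", "HUA02", "comp09"),
                  ("Authenticated Connection", "Hua04", "comp09"),
                  ("AgentConnect", "sun01", "comp08")]:
        print(probe, "->", matching(EXAMPLES, *probe))
```

A result containing both allow and deny for the same probe means that two entries overlap and should be reviewed before the list is applied.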