Add Security Profile

Creating a security profile means mapping a new profile to either a user account or a group provided by the current security providers. You can select the users or groups who can access the system and add them to a security profile.

To add security profiles

  1. Select Security Profiles from the Security menu.

    The Security Profiles dialog appears.

    Note: You must have sufficient access rights to open this dialog; otherwise, a security error message is displayed. Administrators have these access rights by default.

  2. Click Add.

    The Add Security Profiles dialog appears.

  3. Select the security authority from the Available Directories tree, then browse to and click the required security principal.

    You can view the selected security authority and principal in the Container Identifier and Names fields, respectively.

  4. Double-click a principal in the tree, or click Add to List.

    The security principals shown in the Names field are added to the List of security profiles.

    To add more profiles, repeat the last two steps on the Add Security Profiles dialog.

  5. Click OK.

    The selected user account or group is mapped to the security profile and the Class Permissions dialog is displayed.

    Note: If you have added more than one security principal, the Class Permissions dialog is not displayed. You must select the profile in the Security Profiles dialog, and click Class Permissions.

  6. In the Class Permissions dialog, select the object class to which you want to assign the rights.

    Note: You can select multiple object classes and specify the class permissions for all of them. To select a contiguous range, hold the Shift key and click the objects; to select non-adjacent objects, hold the Ctrl key and click the objects.

  7. Select the permission in the Class access drop-down list, and click OK.

    The given permissions are assigned to the new security profile.

The Add Security Profiles dialog displays a list of available security authorities: Windows NT domains, UNIX authentication targets, external directories such as NDS and LDAP, and the X.509 certificate subsystem.

This list of available security authorities is stored at the manager. When running in a Windows NT domain environment, the manager node will automatically calculate all explicit domain trusts available. These are returned for display when the list of available security authorities is requested by the Add Security Profiles dialog.

In some cases you may wish to use an implicitly trusted domain when creating security profiles, that is, a domain that is not in the directly calculated list. To enable this, the Security Profiles dialog allows you to add and remove authorities, but only within the Windows NT namespace (winnt).

To add an implicitly trusted domain, click Add and enter the domain name in the new dialog. After clicking OK, the domain will be added to the list of available authorities. To remove an implicitly trusted domain, highlight the domain you wish to remove and click Remove.

Adding a domain to the authorities list does not confer trust on that domain; trust is enforced by the operating system. The manager trusts a domain added to this list only if the underlying operating system already trusts that domain.