15.3.3.1. Procedure – Configuring authorization policies
Create an MC component. Click on , select from the combobox, and enter a name for the policy into the textbox.
on the tab of theSelect the authorization model to use in the policy from the
combobox. The following models are available:: Authorize only users meeting a set of authorization conditions, for example, certain users, users belonging to specified groups, or any combination of conditions using the other authorization models.
: The client trying to access the service has to be authorized by one (or more) authorized clients. This model can be used to implement 4-eyes authorization solutions.
: Authorize only userpairs — single users cannot access a service, that is, only two different users (with different usernames) can access the service.
Tip NEyesAuthentication
andPairAuthentication
are useful when the controlled access to sensitive (for example, financial) data has to be ensured and audited.: Authorize only the members of the listed usergroups. This is a simplified version of the
BasicAccessList
model.: Authorize only the listed users. This is a simplified version of the
BasicAccessList
model.: Authorize any user but only in the set time interval. This authorization model does not require authentication.
Tip Use the
BasicAccessList
authorization model to combine user authentication with time-based authentication. For example, create a policy consisting of twoRequired
policies: PermitTime and PermitUser.
Configure the parameters of the selected authorization class. See Section 15.3.3.2, Authorization models of PNS for the detailed description of the classes.
Navigate to the MC component, and select the service that will use the authorization policy.
tab of theIn the
section, select the to use from the combobox.
Published on June 04, 2020
© 2007-2019 BalaSys
Send your comments to support@balasys.hu