To Assign Resource Permissions When Using MFDS Internal Security

The display and setting of permissions when using MFDS Internal Security differs from that of other security managers. In its model, you cannot create resource entities, or define Access Control Lists for them. Instead there is a predefined set of permissions, which you view and set through the permissions tab when editing user groups. Users inherit their permissions from the groups to which they belong.

The instructions below are for setting permissions for a group. For instructions on adding users to groups, see To assign one or more users to a user group and To assign a user to one or more user groups.

  1. Click Security under Configure on the menu on the left-hand side of an Enterprise Server Administration Web page.
  2. Click Security Managers.
  3. Select the MFDS Internal Security Manager by clicking the relevant radio button in the Select column.
  4. Click Edit .
  5. Click Properties .
  6. Click Groups.
  7. Click the Edit button adjacent to the group you want to assign permissions to.
  8. Under Permissions, check each permission that you want to grant to the group. If you want to grant all permissions under the Directory Server Administration or Servers sections, click the appropriate Allow All button.

    The permissions are displayed in an inverted tree structure. Those on lower branches include the permissions on the branches from which they descend. For example, the permission to restore a repository includes the permission to import a repository. Therefore, restore is shown as a descendant of import.

    When you grant a particular permission, any permissions that it includes are automatically granted. Hence, when you check the Restore Repository permission, the Import Repository permission is automatically checked as well.

    Where a check box for a permission is greyed out, it indicates that the permission is included by other permissions that have been granted to the group. To revoke a permission that is included by others, you must first revoke those other permissions.