No Results
Security Policies
Article Contents

EdgeCore version: 4.3.2

Security policies refine the access granted by security permissions.  Currently, there is only one policy type – the Domain policy, which enables you to grant and/or deny access to specific domains for users that have the role to which the policy applies.

The Domain policy can be associated with the following permissions:

  • Modify Domains and Users 
  • Assign Content

The Domain Provisioning permission encompasses both the above permissions – applying a policy to it causes the sub-permissions to have the same policy.  The policy for each permission is either inherited or can be defined explicitly to override its parent’s policy.

Defining a Domain Policy

Domain policies replace the configuration previously provided by the Partial Admin tab when configuring role provisioning. Configuration from previous versions will be upgraded to the new style of configuration.

To define a domain policy:

  1. Go to the Provision Roles page as a Full Admin user.
    You can access this page from either the Admin menu (the Provision icon > Roles) or the System menu (Content > Provisioning > Roles).
  2. Select the role to which you want to assign permissions.
  3. Click the Permissions tab.
    A list of permissions is displayed.
  4. Select the checkbox(es) next to the permission(s) you want to assign.
    As previously mentioned, Domain Provisioning, Modify Domains and Users, and Assign Content are the only permissions for which a domain policy can be defined, so you should expand Provisioning to access the aforementioned permissions. Upon selecting a permission, the following will be displayed:
    – information whether the policy for the selected permission inherits or overrides the parent’s policy;
    – fields for granting and denying access to certain domains;
  5. In Grant, click + to select domains to which the role will have access.
    A pop-up is displayed.

    Note: By default, the Domain policy grants access to <AllDomains>. However, you can remove <AllDomains> from the Grant list by clicking the trash bin icon. If you remove it, and leave both Grant and Deny fields empty, the policy grants access to nothing.
  6. Select a domain from the list and click Add.
    The selected domain is displayed in the Grant field.
  7. In Deny, click + to select domains to which the role will not have access.
    A pop-up is displayed.
  8. Select a domain from the list and click Add.
    The selected domain is displayed in the Deny field.
  9. Click Save.

 

Terms | Privacy
×