Assign Permissions by Devices

You can assign permission rules for users to access devices and device classes with any computer the user selects.

Permission rules can be assigned in the Device Explorer to the:

  • Root node of the Default settings hierarchy.
  • Device class node of the Default settings hierarchy.
  • Device group within a device class node shown in the Default settings hierarchy.
  • Device by make and/or model.
  • Device by unique serial number.

Root node permissions are assigned to the root of the Device Explorer hierarchy and apply to all devices for specific users or user groups.

  1. In the Management Console, select View > Modules > Device Explorer.
  2. Right-click a node from the Default settings division of the Device Explorer hierarchical structure.
  3. Select Add/Modify Permissions from the right-mouse menu.
    The Permissions dialog opens.
  4. Click Add.
    The Select Group, User, Local Group, Local User dialog opens.
  5. Click Search or Browse.
  6. Select a user or user group.
  7. Click OK.
  8. In the Permissions dialog, select the user or user group to assign user access permission rules.
  9. Select the permission options.
  10. Important: Only the permissions options available for the device or device class selected are shown.

  11. To limit user access to certain file types, click Filter.
    Restriction: File filtering is available only for the Removable Storage Devices, Floppy Disk Drives, and CD/DVD Drives device classes.
    The File Type Filtering dialog opens.
  12. Select one of the following options:
  13. Option Description
    All file types (Import/Export) Permission rules apply to all file types that are imported and exported by the user or user group for the specified device or device class.
    Only files selected from this list: Permission rules apply to only to selected file types that are imported and/or exported by the user or user group for the specified device or device class.

    A complete list of the file filter types supported by Device Control is shown in the Targets panel. Select file types using the check boxes adjacent to the file type name. You can also select Manage custom file types... to add, edit or remove custom file types.

  14. In the Permissions panel, select one or both of the following options:
  15. Option Description
    Export Allows a user to copy files from the Ivanti Device and Application Control client computer to an external device.
    Import Allows a user to copy files from an external device to the Ivanti Device and Application Control client computer.

    Important: You must select Import or Export at a minimum, to enforce file filtering rules.

  16. Click OK.
  17. In the Permissions dialog, click OK.
    The Permissions, Priority, and Filters you assign to the device or device class are shown in the Device Explorer hierarchical structure.

After Completing This Task

You should send new or updated permissions immediately to Ivanti Device and Application Control client computers using the Control Panel > Tools > Send Updates option. If you do not send updates to protected clients immediately, they automatically receive updates when they restart or at next user log in.

Related Information:

Related Tasks: