Assign Permissions by Devices
You can assign permission rules for users to access devices and device classes with any computer the user selects.
Permission rules can be assigned in the Device Explorer to the:
- Root node of the Default settings hierarchy.
- Device class node of the Default settings hierarchy.
- Device group within a device class node shown in the Default settings hierarchy.
- Device by make and/or model.
- Device by unique serial number.
Root node permissions are assigned to the root of the Device Explorer hierarchy and apply to all devices for specific users or user groups.
- In the Management Console, select View > Modules > Device Explorer.
- Right-click a node from the Default settings division of the Device Explorer hierarchical structure.
- Select Add/Modify Permissions from the right-mouse menu.
The Permissions dialog opens.
- Click Add.
The Select Group, User, Local Group, Local User dialog opens.
- Click Search or Browse.
- Select a user or user group.
- Click OK.
- In the Permissions dialog, select the user or user group to assign user access permission rules.
- Select the permission options.
- To limit user access to certain file types, click Filter.
Restriction: File filtering is available only for the Removable Storage Devices, Floppy Disk Drives, and CD/DVD Drives device classes.
The File Type Filtering dialog opens.
- Select one of the following options:
- In the Permissions panel, select one or both of the following options:
- Click OK.
- In the Permissions dialog, click OK.
The Permissions, Priority, and Filters you assign to the device or device class are shown in the Device Explorer hierarchical structure.
Important: Only the permissions options available for the device or device class selected are shown.
|All file types (Import/Export)||Permission rules apply to all file types that are imported and exported by the user or user group for the specified device or device class.|
|Only files selected from this list:||Permission rules apply to only to selected file types that are imported and/or exported by the user or user group for the specified device or device class.|
A complete list of the file filter types supported by Device Control is shown in the Targets panel. Select file types using the check boxes adjacent to the file type name. You can also select Manage custom file types... to add, edit or remove custom file types.
|Export||Allows a user to copy files from the Ivanti Device and Application Control client computer to an external device.|
|Import||Allows a user to copy files from an external device to the Ivanti Device and Application Control client computer.|
Important: You must select Import or Export at a minimum, to enforce file filtering rules.
After Completing This Task
You should send new or updated permissions immediately to Ivanti Device and Application Control client computers using the Control Panel > Tools > Send Updates option. If you do not send updates to protected clients immediately, they automatically receive updates when they restart or at next user log in.
- Permissions Dialog
- Default Settings Permissions Priority
- File Filters
- BitLocker Encrypted Devices
- Working with Custom File Types
- File Type Filtering and Data Loss Prevention Combination Matrix
- Assigning Permission to a BitLocker Encrypted Device
- Assign Permission by Computers
- Manage Online Permission
- Manage Offline Permissions
- Assign Scheduled Permissions to Users
- Assign Temporary Permissions to Users
- Add Shadowing
- Manage Shadowing
- Add Copy Limit
- Remove Copy Limit
- Add Event Notification
- Manage Event Notification
- Creating a Data Loss Prevention (DLP) Filter
- Assigning a Data Loss Prevention Filter to a Specific User or Group