To define user access permission rules for a device or device class, you must assign one or more users or user groups to the device.
You use the Permissions dialog in the Device Explorer module to manage permission rules for user access to peripheral devices. Initially, the default permissions for all devices that connect to a computer running the Ivanti Device and Application Control client is None, which means that all user access is denied.
- Permissions Dialog
An administrator uses the Permissions dialog to create and manage permission rules for devices and associate these rules with user and user group access rights.
- Default Settings Permissions Priority
For device permissions assigned to a user or user group, priority settings govern whether a Machine-specific Settings permission rule can override a Default Settings permission rule.
- File Filters
You can assign file filters to user access permissions rules that limit access to specific file types.
- BitLocker Encrypted Devices
You can use BitLocker encrypted devices in a Device Control environment.
- Assigning Permission to a BitLocker Encrypted Device
You can authorize the use of a device encrypted with BitLocker Drive Encryption from the Permissions dialog.
- Working with Custom File Types
When the type of file you want to detect is not already supported directly by Device Control, you can extend the file type recognition capability by configuring a custom filter.
- Assign Permissions by Devices
You can assign permission rules for users to access devices and device classes with any computer the user selects.
- Assign Permission by Computers
You can assign computer-specific permission rules for users to access devices and device classes.
- Manage Online Permission
You can define online user access permission rules that govern wireless device use when the client is connected to the Application Server.
- Manage Offline Permissions
You can define offline user access permission rules that govern wireless device use when the client is disconnected from the Application Server.
- Assign Scheduled Permissions to Users
You can schedule user access permissions rules to limit the use of devices to hourly and daily periods of the week.
- Assign Temporary Permissions to Users
You can assign time-limited, once-per-occurrence permission rules on a computer-specific basis for user access to a device.
- Add Shadowing
An administrator can establish visibility for the file content read from and written to devices connected to clients. This type of visibility is referred to as file shadowing.
- Manage Shadowing
You can modify and remove shadow rules for users and user groups.
- Add Copy Limit
You can create permission rules for users and user groups that limit the amount of data that can be copied to a device on a daily basis. These are copy limit rules.
- Remove Copy Limit
You can remove copy limit rules established for a device.
- Add Event Notification
You can create an event notification permission rule that shows a customized message to a user who attempts to access an unauthorized device through a client computer.
- Manage Event Notification
You can modify and remove event notification rules for users and user groups.
- Creating a Data Loss Prevention (DLP) Filter
You can define a filter string that can be used against the contents of all MS Office and PDF documents to block or shadow the files.
- Assigning a Data Loss Prevention Filter to a Specific User or Group
You can assign a data loss prevention filer to a specific user or group through a device’s Permission dialog.
- File Type Filtering and Data Loss Prevention Combination Matrix
Learn the behaviors to expect when using different types of File Type Filtering and Data Loss Prevention permission combinations.