Policy Permissions
Policy permissions allow you to configure which of the device's connections can be used to access the device's hard drives. Configuring policy permissions is an optional part of the process of creating a device class policy.
Permission Settings for a Policy
The Permission Settings page in the Device Class Policy Wizard lets you define access permissions for a policy.
The following table describes the Permission Settings page options.
|
Field |
Description |
|---|---|
|
Block all access |
Lets you create a deny-access policy. If you select this option, all other options in this section are disabled. |
|
Allow access with following |
Lets you specify the access permissions. |
|
Read |
Displays whether read access is permitted. |
|
Write |
Displays whether write access is permitted. |
|
Encrypt |
Displays whether device encryption is allowed. |
|
Decrypt |
Displays whether device decryption is allowed. |
|
Export to file |
Displays whether the key used to encrypt a device can be exported to a file. |
|
Export to media |
Displays whether the key used to encrypt a device can be exported to the medium itself. Choosing this option allows the device to be decrypted directly, eliminating the need for an external key. |
|
Import |
Displays whether data can be imported from an external encryption key. |
|
File Filters |
Displays whether access is restricted to specific file types. Note: Selecting this check box will let you access the File Filters page in the policy wizard. |
|
Connections |
Displays the available interface standards for the device type and allows you to specify if permissions should be applied only to specific interfaces. Bus Connection options are available depending on the device type selected. |
|
Drives |
Allows you to enable permissions for hard drive-based devices, non- hard drive-based devices, or both. This field is valid only for removable storage devices. |
|
Encryption |
Displays the encryption status of the devices for whom the policy has been created. This field is valid only for some device types. |
Priority Options when Defining Permissions
When you create a policy, you can assign a priority to it. This determines the level of access for a device collection assigned to that policy.
The following table explains the resulting access when permissions are defined between protecting a general device type (class) and a specific device from that class:
|
Device Level where Permission is Defined |
Permission Set |
Priority |
Resultant Permission for Selected Device |
|---|---|---|---|
|
Type |
None |
High |
None |
|
Model |
Read-Write |
Normal |
|
|
Type |
None |
Normal |
Read-Write |
|
Model |
Read-Write |
High |
|
|
Type |
Read-Write |
High |
None |
|
Model |
None |
High |
|
|
Type |
None |
Normal |
None |
|
Model |
Read-Write |
Normal |
|
|
Type |
Read |
High |
Read-Write |
|
Model |
Read-Write |
Normal |
|
|
Type |
Read |
Normal |
Read-Write |
|
Model |
Read-Write |
High |
|
|
Type |
Read-Write |
High |
Read-Write |
|
Model |
Read |
High |
|
|
Type |
Read |
Normal |
Read-Write |
|
Model |
Read-Write |
Normal |
|
|
Type |
None |
High |
None |
|
Model |
Read |
High |
|
|
Type |
None |
Normal |
None |
|
Model |
Read |
High |
Permission settings go from high to low in the order None, Read-Write, and Read.