Access Permissions
Levels for Access Permissions
You can grant access permissions for all objects in the site structure.
Access permissions that you assign on the object level - organization (ORG), region or site - can be inherited by child objects - region, site, depot, Management Point.
Access Permissions for Authorized Users
Defining Access Permissions for Authorized Users
You can assign access permissions for users in two fundamentally different ways:
- You can use user
accounts that are defined in an NT domain
or in Active Directory. You can also use NT domain or AD groups.
Advantage: these users do not have to log in themselves when opening the DSMC; they are automatically logged in with their current NT account. - You can use separate user accounts for administering DSM. These user accounts can be used completely independent of domains or AD context. With these accounts, you can form "functional groups": all authorized users who are to be assigned certain access permissions can use the same user account.
Once you have defined the first authorized user, only that user can open the DSMC and access the resources using the permissions set for him.
Effective Permissions when using groups
If a user is member of several groups you have given administration permissions to, the permissions of all group memberships are added.
Displaying Access Permissions in the Configuration Table
You will find the list of authorized users with their
defined access permissions in the Administration Permissions
section of the configuration table. After the Ivanti DSM installation, the
list is empty (
Illustration).
Access permissions are displayed in the sequence of their resources. For each resource, the corresponding permissions are shown in square brackets [ ]:
r Read
w Write
x Execute
