IBM Proventia Network Enterprise User Manual - page 66
Chapter 4: Setting Up Scanning Permissions for Users
66
IBM Internet Security Systems
Considerations for Enterprise Scanner Permissions
Introduction
This topic provides background information about adding groups and users in the
SiteProtector system.
Prerequisite
To add a user or a group to a SiteProtector User Group, you need the exact Windows
account information, including computer name or domain name and user name. If you do
not have that information, you can do the following:
About group-level
permissions
Group-level permissions control a user’s ability to view, modify, and work with agents
and assets in a specific group. For example, group-level permissions control whether a
user can scan a group of assets with Enterprise Scanner or apply an XPU to the agents in a
group. Group-level permissions do not provide Site-wide functionality. They only provide
permission to perform actions on the assets in the group where they are assigned.
Because of the specific and flexible nature of group-level permissions, you can use them to
maintain very specific control over a user’s actions in the SiteProtector system. For
example, you can set group-level permissions such that three users have different
permissions for the same group.
Managing group-
level permissions
You should perform the following tasks before you configure group-level permissions:
●
set up asset groups
●
import assets into the asset groups
You may, however, configure group-level permissions before you set up asset groups and
import assets, and then assign group-level permissions as necessary. Subgroups you
create later automatically inherit these permissions.
Ungrouped assets
When you import assets before you set up asset groups, the SiteProtector system puts the
assets in the Ungrouped assets folder. To assign permissions to ungrouped assets, you
must use the global permission, Managing Ungrouped Assets.
If you want to add…
Then use…
local users and groups
Windows Computer Management to locate the information before
you add the user or group.
domain users and groups
the Check Names function in the user interface to locate the
information as you add the user or group.
Table 20: Finding required account information