Specifications

Role Inheritance
BlueSecure™ Controller Setup and Administration Guide 8-3
You can configure the BSC to support enterprise guest access by defining local user
accounts and assigning them to the BSC’s default guest role. Configuring guest access in
this way enables you to set the following limitations on guests who access your enterprise
network:
when the guest user account is activated and expired
the network bandwidth the guest can use
the network services the guest can access (only DNS and HTTP/S by default)
See “Local BSC User Authentication” on page 5-2 for information about configuring local
user accounts.
Role Inheritance
Everyone in an organization shares certain access privileges. For example, all employees
likely have access to cafeteria facilities but only a few have the key code that unlocks the
computer room.
Role inheritance allows you to map these access privileges to your unique organizational
structure. Commonly held privileges constitute the base role X. When defining a more
restrictive role Y, you can specify the base role as a default set of privileges that is
available (i.e., inherited from role X) if none of the policies in role Y match the requested
service, destination, or direction of traffic.
Use of role inheritance provides two significant advantages:
Figure 8-1: Role-based Authorization for a Registered User
Figure 8-2: Role-based Authorization for an Unregistered User
= Access Blocked
Power
Reset
D
I
S
K
P
W
R
WG-2100 Wireless Gateway
User with Engineering
Role Assigned
Bluesocket BSC
Enterprise Network
Firewall
Internet
HTTP, HTTPS,
POP3,
and SMTP
Finance
Managed Side Protected Side
= Access Blocked
Power
Reset
D
I
S
K
P
W
R
WG-2100 Wir ele ss Gate way
User with Guest
Role Assigned
Bluesocket BSC
Enterprise Network
Firewall
Internet
HTTP, HTTPS,
and POP3
Finance
Managed Side Protected Side