User Guide

OmniAccess SafeGuard OS Administration Guide
Chapter 7: Establishing a Security Policy
Figure 10 Policies, Rules, and Roles
Therefore, when you enforce a policy you are applying a set of rules against a user role.
Role Hierarchy
Each role has a different set of privileges. By default, any user-defined role has the
authenticated role as its parent. A role can be designated as a child of other roles, except
for the authenticated and unauthenticated roles. If a role hierarchy is not established,
the same policies must be duplicated in each role. A child role can have only one
parent role.
SafeGuard OS provides two default system roles: authenticated and unauthenticated.
Any user who is unauthenticated is assigned the unauthenticated role. Any policies
defined for that role are assigned to all users having that role.
Policies are applied from the bottom of the hierarchy to the top of the hierarchy. In other
words, they are applied from the most specific role to the least specific role. Figure 11
shows a simple role hierarchy.
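The following Python model is an added example, not code from this guide or from SafeGuard OS. It shows the hierarchy rules above (default parent, single parent, bottom-to-top policy order). All role and policy names are constructed, and it assumes the "except for" clause means the two system roles cannot be made children.

```python
# Added illustration: a model of the role hierarchy described above.
# All names are hypothetical; this is not SafeGuard OS code or CLI syntax.
SYSTEM_ROLES = {"authenticated", "unauthenticated"}

class RoleHierarchy:
    def __init__(self):
        self.parent = {}                      # role -> its single parent role
        self.policies = {r: [] for r in SYSTEM_ROLES}

    def add_role(self, name, parent="authenticated"):
        """Create a user-defined role; its parent defaults to 'authenticated'."""
        if name in self.policies:
            raise ValueError(f"role {name!r} already exists")
        if parent not in self.policies:
            raise ValueError(f"unknown parent role {parent!r}")
        self.parent[name] = parent
        self.policies[name] = []

    def set_parent(self, name, parent):
        """Re-parent a role, rejecting system roles as children and cycles."""
        if name in SYSTEM_ROLES:              # assumption: see lead-in
            raise ValueError(f"system role {name!r} cannot be a child")
        if name not in self.policies or parent not in self.policies:
            raise ValueError("unknown role")
        node = parent
        while node is not None:               # walk up from the new parent
            if node == name:
                raise ValueError("cycle in role hierarchy")
            node = self.parent.get(node)
        self.parent[name] = parent            # replaces the previous parent

    def evaluation_order(self, role):
        """Policies from the most specific role up to the least specific."""
        order = []
        while role is not None:
            order += [(role, p) for p in self.policies[role]]
            role = self.parent.get(role)
        return order

def build_example():
    """Constructed hierarchy: software-engineer -> engineering -> authenticated."""
    h = RoleHierarchy()
    h.add_role("engineering")                 # parent: authenticated (default)
    h.add_role("software-engineer", parent="engineering")
    h.policies["authenticated"].append("allow-dns")
    h.policies["engineering"].append("allow-build-servers")
    h.policies["software-engineer"].append("allow-source-control")
    return h
```

Because a policy attached to a parent reaches every descendant, reviewing `evaluation_order` for a role shows the full set of policies a user in that role inherits.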
[Figure 10 labels: User: Pat Lee, Role: Software Engineer; Password Credentials; Authentication server; Authenticated; Software Engineer role information; SLC: Matches the role to a set of policies; Policies: Rule 1, Rule 2, Rule 3, ... Rule n]