User Guide

OmniVista SafeGuard Manager Administration Guide
119
Chapter 5: Device Configuration
Role Derivations
Role derivation for a user is achieved by matching a set of authentication protocol-specific attributes and their values to a role. The attributes are obtained by authenticating the user against an external RADIUS, Kerberos, or other server. The authentication server sends these attributes to the network access device when an access request is successfully accepted. Role derivation rules are not applied when authentication fails. Roles can also be derived from user names.
The role derivation rules are defined in a rule map, which can be configured for each authentication protocol type. Every rule map has a factory default role based on the type of authentication protocol for which the rule map is configured. The default role in a rule map can be changed to a role of your choice. The default role is assigned when no rule in the rule map matches the attributes of an authentication session.
In addition, the position of a rule in the rule map determines the priority of that rule. The first rule that matches drives the role derivation for the authenticating user. If no rule matches the attribute list, the default role specified in the rule map is assigned to the authenticating user. When a rule map is defined or created, its “default role” is set to the factory default role, which in turn is based on the authentication attribute type for which the rule map is defined. This default role is authenticated.
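The rule-map behaviour just described (ordered rules, first match wins, default role on no match, no derivation for rejected sessions, and user-name based rules), shown as an added Python model. This is illustrative code, not SafeGuard Manager's own implementation; the rule shape, the `accepted` flag and the sample rule map are constructed for the example, and RADIUS attributes are represented as a plain name/value dictionary.

```python
# Added illustration of rule-map role derivation; not SafeGuard Manager code.
# Rule structure, session fields and sample values are constructed.
from dataclasses import dataclass, field
from typing import Dict, List, Optional


@dataclass
class Rule:
    """A rule matches when every listed attribute carries the given value."""
    match: Dict[str, str]
    role: str


@dataclass
class RuleMap:
    """Ordered rules for one authentication protocol plus the default role."""
    protocol: str
    default_role: str
    rules: List[Rule] = field(default_factory=list)

    def derive_role(self, session: Dict) -> Optional[str]:
        """Return the derived role, or None when authentication failed.

        Rules are evaluated in list order, so position sets priority; the
        first full match wins. With no match, the default role is assigned.
        """
        if not session.get("accepted", False):
            return None  # role derivation is skipped for rejected sessions
        attrs = dict(session.get("attributes", {}))
        # Expose the user name as an attribute so rules can match on it.
        attrs["User-Name"] = session.get("user", "")
        for rule in self.rules:
            if all(attrs.get(k) == v for k, v in rule.match.items()):
                return rule.role
        return self.default_role


# Constructed sample rule map: the operator replaced the factory default
# role with "Guest"; a more specific rule is placed above a broader one.
RADIUS_MAP = RuleMap(
    protocol="RADIUS",
    default_role="Guest",
    rules=[
        Rule({"User-Name": "netadmin"}, "Administrator"),
        Rule({"Filter-Id": "finance", "Service-Type": "Framed-User"}, "Finance"),
        Rule({"Filter-Id": "finance"}, "Finance-Restricted"),
    ],
)
```

Reordering the last two rules would make every finance session land on `Finance-Restricted`, which is why rule position matters when you build a rule map.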
You set up users in the authentication database by assigning them a set of roles, usually defined first by department, and then by mapping a set of authentication protocol-specific attributes and their values to a role. The attributes are obtained by authenticating the user against an external RADIUS, Kerberos, or other server.
To define a role derivation rule set:
1 Select Role Derivations from the navigation tree (Figure 61) and click New in the Action Bar.
The New Role Derivation Rule Set dialog box displays (Figure 73).