3.6.0 Matrix Server 3.6.0 Administration Guide (5697-7081, December 2007)
Copyright © 1999-2007 PolyServe, Inc. All rights reserved.
135
12
Configure Security Features
Matrix Server provides the following security features:
• Role-Based Security. By default, the machine’s local Administrators
group has full cluster rights and can perform all Matrix Server
operations. You can use the Role-Based Security feature to create roles
that allow or deny other users and groups the ability to perform
specific cluster operations.
• An audit trail of matrix operations that change the state or
configuration of the matrix, as well as operations that consume large
amounts of system resources. The audit messages specify both the
operation performed and the user who initiated the operation.
Role-Based Security
When you attempt to perform matrix operations, Matrix Server reads the
Windows access token created when you logged into Matrix Server to
determine your user account and the groups to which you belong. It then
assigns matrix permissions, or rights, to you based on the roles to which
your user account and groups belong. For example, if you belong to a role
that allows filesystem operations and also belong to another role that
allows you to configure servers, you will have both sets of permissions.
A role denying an operation takes precedence over a role that allows the
operation. If you belong to a role that allows you to create, modify, and
delete filesystems and you also belong to a role that denies the ability to
delete filesystems, Matrix Server will authorize you only for creating and
modifying filesystems. The deny status overrides the allow status.