Manualshelf

User Guide

ManualsBrandsMacromedia ManualsOtherCOLDFUSION 5-ADVANCED ADMINISTRATION
919293949596979899100
82 Chapter 5 Configuring Advanced Security
Resource types
A ColdFusion resource type that you want to protect is the core of Advanced security.
Selecting a resource to protect doesnt specify how to protect it or which users can
access it; youre simply telling ColdFusion the name and, if applicable, the action of
the resource you intend to secure. For example, you can control:
Write access to all the files in a specified directory
Which actions of a specified CFML tag are restricted
Inserts and updates for a specific ColdFusion data source
Resources are not secured until you specifically choose to protect them. You can
secure the following types of resources:
Applications
Verity Collections
Components
ColdFusion Tags
ColdFusion Functions
Custom Tags
Data Sources
Files and Directories
User Objects
Users
Policies
After you specify a resource to protect, you need to create a policy that gives a set of
users access rights to that resource. A policy binds resources to users or user groups,
that is, it grants a group of users access to specified resources.
For example, you can create a policy that gives members of a team complete access
to three data sources that the team uses regularly. You could also create a policy that
specifies the system administrator as the only user who can use the
cffile tags
write action.
If you specify a resource to protect but do not include it in any policy, the resource is
fully protected within the Security Contextin other words, no users have access to
those resources.