User Instructions

ManualsBrandsSilver Spring Networks ManualsElectronicsGateway

(possibly on a

per user basis,

where that

makes sense).

on the

server.

However the

interface the

applets and

applications

see should

be through a

servant.

4.3 Permissions

Access control permissions (or just permissions) in the ENICS

system apply to all applications (including both Java applications and

applets) that may be initiated outside of the server environment.

Applications that are initiated by and run under the control of the ENICS

server environment (such as the network health monitor) do not require

access permissions. Access permissions are assigned out of the available

options on a user by user basis.

Each application has three sets of permissions. The first “set”

determines whether a user is allowed to access the ENICS server while

running a particular application. For example, a user may be granted

permission to run the Interactive Meter Reader, but not the Network

Configuration Manager. This is not a security measure, since the only

way the ENICS server has to know what application is being run is for

the application to tell it. Thus, this sort of permission won’t be able to

deter a cracker who writes his or her own application, but it will give the

system administrator control over who can run applications under

normal circumstances.

The second set controls access to the various database tables in

the system. An application may have read, modify and append

permission for a table. Append is a restricted type of write access that

allows an application to add new records to a table, but not to either

modify or read records that already exist. Modify access implies both

read and append access. For databases that contain information that is

associated with particular users, users may be granted permission to

read or modify data for themselves only or for all users.

The third set of permissions controls access to the

communications network. The first access permission is “network use”.

This allows an application to interact with the communications network.

If it is not set, then the application is not allowed to interact with the

communications server. The second network access permission is IMU

read/modify, which determine which types of messages that can get or

set IMU information are allowed to be sent. The third network access

permission is network read/modify, which determines which messages

can be sent that may read information from or modify gateways and

relays. Please note that even an application that has no explicit network