Access Role - Networks

What can I do here?

Use this window to configure an access role and its networks.

Getting Here

Object Explorer > New > Users > Access Role > Networks

Using Access Roles

What background information do I need to know?

Before creating access role objects, you must first activate Identity Awareness.

You can use Access Role objects as a source and/or destination parameter in a rule. Access role objects can include one or more of these objects:

To enforce Identity Awareness, use these access role objects in the Rule Base.

Adding Access Roles

Important: Before you add Active Directory users, machines, or groups to an access role, make sure there is LDAP connectivity between the Security Management Server and the AD Server that holds the management directory. The management directory is defined on the Objects Management tab in the Properties window of the LDAP Account Unit.

To create an access role:

  1. In the object tree, click New > More > Users > Access Role.

    The New Access Role window opens.

  2. Enter a Name for the access role.
  3. Enter a Comment (optional).
  4. Select a Color for the object (optional).
  5. In the Networks pane, select one of these:
    • Any network
    • Specific networks - For each network, click and select the network from the list
  6. In the Users pane, select one of these:
    • Any user
    • All identified users - includes any user identified by a supported authentication method (internal users, Active Directory users, or LDAP users).
    • Specific users/groups - For each user or user group, click and select the user or the group from the list
  7. In the Machines pane, select one of these:
    • Any machine
    • All identified machines - includes machines identified by a supported authentication method (Active Directory).
    • Specific machines - For each machine, click and select the machine from the list
  8. In the Remote Access Clients pane, select the clients for remote access.
  9. Click OK.
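
As an added example (not Check Point code), the script below checks access role definitions against the pane options in the procedure above and flags roles whose Users and Machines panes are both set to Any, because such a role carries no identity condition. The dictionary layout and the sample names are hypothetical, and the check assumes a role matches only when every pane matches.

```python
# Added example: lint access role definitions against the pane options
# listed in the procedure. The dict layout is hypothetical, not a
# Check Point export format.
ALLOWED = {
    "networks": {"any"},
    "users": {"any", "all identified"},
    "machines": {"any", "all identified"},
}

def review_role(role):
    """Return a list of findings for one access role definition."""
    findings = []
    for pane, keywords in ALLOWED.items():
        value = role.get(pane)
        if isinstance(value, str):
            if value.lower() not in keywords:
                findings.append(f"{pane}: '{value}' is not an option for this pane")
        elif isinstance(value, list):
            if not value:
                findings.append(f"{pane}: specific selection is empty")
        else:
            findings.append(f"{pane}: no selection made")
    # "Any user" plus "Any machine" means the role carries no identity
    # condition (assumption: a role matches only when every pane matches).
    if _is_any(role.get("users")) and _is_any(role.get("machines")):
        if _is_any(role.get("networks")):
            findings.append("role is unrestricted: every pane is set to any")
        else:
            findings.append("no identity condition: users and machines are both any")
    return findings

def _is_any(value):
    return isinstance(value, str) and value.lower() == "any"

# Constructed sample roles (names are made up for illustration).
SAMPLE_ROLES = [
    {"name": "Finance_Staff", "networks": ["Net_Finance"],
     "users": ["Finance_Group"], "machines": "all identified"},
    {"name": "Everyone", "networks": "any", "users": "any", "machines": "any"},
    {"name": "Branch_Net", "networks": ["Net_Branch"], "users": "any", "machines": "any"},
    {"name": "Broken", "networks": "all identified", "users": [], "machines": "any"},
]

if __name__ == "__main__":
    for role in SAMPLE_ROLES:
        for finding in review_role(role) or ["ok"]:
            print(f"{role['name']}: {finding}")
```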

The Identity Awareness engine automatically recognizes changes to LDAP group membership and updates identity information, including access roles. For more information, see the R80.10 Identity Awareness Administration Guide.