Managing Rules

Rules are always created by first selecting a resource from either the Resources tree or from within the Security Center. You can place rules on any resource, including:

Procedure: How to Create a Rule on a Content Resource

  1. In the Resources tree or content area, right-click a node or content resource, point to Security, and then click Rules.
  2. Select a subject.
    • To select a group, click the group name.
    • To select a user, first select the Users tab, then click the user name.

    The list of available roles displays in the Rules for Group field, filtered to All Roles that can be used with this resource. Roles that are already being used in a rule with this resource and subject are bolded.

  3. Select a role.

    By default, all roles that can be used with the content resource will appear in the Rules for Group list. To limit the roles displayed, select one of the following filters from the Roles drop-down list:

    • Custom. User-defined.
    • Common. Often applied to resource type.
    • Roles. Legacy Roles and Privileges.
    • Advanced. Less often applied to resource type.
  4. In the Access column, set the access for each role to Permitted, Denied, Over Permitted, or Clear Inheritance.

    Not Set is the default and does not need to be selected unless another access type is inherited from a parent resource, which will be indicated in the Inherited Rule column.

  5. In the Apply To column, set the scope of the rule to Folder and Children, Folder Only, or Children Only.

    These settings can also indicate groups and subgroups, portals and portal pages, or any other objects that have a hierarchical relationship within IBFS.

  6. Click Apply if you intend to continue and create additional rules for the selected subject on the selected resource, or click OK to save the current rule and exit the Security Rules dialog box.

Procedure: How to Create a Rule on a Group, User, or Role

  1. In the Security Center, on the Users & Groups tab, select a resource.
    • To select a user, right-click the user name, point to Security, and then click Rules.
    • To select a group, right-click the group name, point to Security, and then click Rules.
    • To select a role, select the Roles tab, right-click the role name, point to Security, and then click Rules.
  2. Select a subject.
    • To select a group, simply click the group name.
    • To select a user, first select the Users tab, then click the user name.

    The list of available roles displays in the Rules for Group or the Rules for Users field, filtered to All Roles that can be used with this resource. Roles that are already being used in a rule with this resource and subject are bolded.

  3. Select a role.

    By default, all roles that can be used with the content resource will display. To limit the roles displayed, select one of the following filters from the Roles drop-down list:

    • Custom - User-defined.
    • Common - Often applied to resource type.
    • Roles - Legacy Roles and Privileges.
    • Advanced - Less often applied to resource type.
  4. In the Access column, set the access for each role to Permitted, Denied, Over Permitted, or Clear Inheritance.

    Not Set is the default and does not need to be selected unless another access type is inherited from a parent resource, which will be indicated in the Inherited Rule column.

  5. In the Apply To column, set the scope of the rule to Folder and Children, Folder Only, or Children Only.

    These settings can also indicate groups and subgroups, portals and portal pages, or any other objects that have a hierarchical relationship within IBFS. This selection becomes available only after you select a value for this rule in the Access column.

  6. Click Apply if you intend to continue and create additional rules for the selected subject on the selected resource, or click OK to save the current rule and exit the Security Center.

Procedure: How to Remove a Rule From a Resource

  1. In the Resources tree or content area, right-click a node or content resource, point to Security, and then click Rules.
  2. Select the group or user that is the subject of the rule.
  3. In the Access column of the Rules for User or Group list, set access to Not Set for each undesired role.
  4. Click Apply if you want to make more changes, or click OK to save your changes and exit the Security Center.

Procedure: How to View Rules on a Resource

To discover who has access to a resource, right-click the resource, point to Security, and then click Rules on this Resource. Select Include Inherited Rules to include rules that are in effect through inheritance. Click a column header to sort by that field. To produce a rich text version of the information displayed in the dialog box, click Create Report.

Procedure: How to View Rules for a Group or User

To discover which resources a group or user can access, right-click the group or user, point to Security, and then click Rules for this Group or Rules for this User. Click a column header to sort by that field. To produce a rich text version of the information displayed in the dialog box, click Create Report.

Reference: Understanding the Rules on This Resource Dialog Box

The Rules on this Resource dialog box displays all rules assigned to a selected resource, including those it inherited from parent resources. From this dialog box, you can review the rules assigned to your selected resource and produce a report based on this display for later review.

All resources maintain a set of rules that determine the ways in which different groups and users may interact with them. Each entry in the Rules on this Resource dialog box lists a rule assigned to a resource. The components of that rule link individual users or groups to a pre-configured role. The role assigned to a rule grants the users and groups linked to it the privilege to use a resource in a way that corresponds to their needs and responsibilities. The assignment of multiple rules to a resource ensures that the availability of that resource corresponds to the varying needs and responsibilities of a wide range of users.

Each rule contains the following components:

Subject

A group or user to which the rule applies. Groups and users are defined in the Security Center.

Access

The availability of a resource to a group of users. Values include Permitted, Denied, Over Permitted, or Clear Inheritance. This value also indicates whether or not a permission was inherited from a parent resource.

Role

A set of permissions used to take a specified action. Roles are defined in the Security Center.

Apply To

The range of resources in the hierarchy to which this rule applies. Values include Folder and Children, Folder Only, or Children Only. These settings can also indicate groups and subgroups, portals and portal pages, or any other objects that have a hierarchical relationship within IBFS.

Set On

The folder or subfolder within the Resources tree at which a specific rule was set. For example, if set to /WFC, the rule applies to all resources in the tree. If set to /WFC/Repository, the rule only applies to resources in the Repository node.

Additional features in this dialog box adjust the display of rules, and generate a report based on the display.

The Include Inherited Rules check box turns the display of inherited rules on and off. Select this check box to include roles inherited from folders or objects in the display.

The Create Report button produces a rich text version of the list of rules that you can save or print. The report created from this dialog box includes the date and time on which it was created along with the resource name. It serves as a record of the set of rules assigned to that resource at the specific time of the report.
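
The rule components above (Subject, Access, Role, Apply To, Set On) can be modeled to reproduce the Rules on this Resource listing, with or without inherited rules, when reviewing a rule set outside the product. This is an added example, not product code: the group, role, and folder names are constructed, and it only lists which rules reach a resource without computing the effective access. It assumes Children Only covers every descendant of the Set On folder and that paths compare case-sensitively.

```python
from dataclasses import dataclass

# Apply To values as listed in the reference above.
FOLDER_AND_CHILDREN = "Folder and Children"
FOLDER_ONLY = "Folder Only"
CHILDREN_ONLY = "Children Only"

@dataclass(frozen=True)
class Rule:
    subject: str    # group or user
    role: str
    access: str     # Permitted, Denied, Over Permitted, or Clear Inheritance
    apply_to: str
    set_on: str     # path in the Resources tree where the rule was set

def parts(path):
    # Compare whole path segments so /WFC/Repo never matches /WFC/Repository.
    return [p for p in path.split("/") if p]

def reaches(rule, resource):
    """True if the rule's Set On path and Apply To scope cover the resource."""
    base, target = parts(rule.set_on), parts(resource)
    if target[:len(base)] != base:
        return False                    # resource is outside the Set On subtree
    is_self = len(target) == len(base)
    if rule.apply_to == FOLDER_ONLY:
        return is_self
    if rule.apply_to == CHILDREN_ONLY:  # assumption: all descendants, not the folder
        return not is_self
    return rule.apply_to == FOLDER_AND_CHILDREN

def rules_on_resource(rules, resource, include_inherited=True):
    """Return (rule, inherited) pairs, mirroring the Include Inherited Rules toggle."""
    listed = []
    for rule in rules:
        inherited = parts(rule.set_on) != parts(resource)
        if reaches(rule, resource) and (include_inherited or not inherited):
            listed.append((rule, inherited))
    return listed

# Constructed sample rules; subjects, role name and subfolders are made up.
SAMPLE = [
    Rule("AllStaff", "ExampleViewer", "Permitted", FOLDER_AND_CHILDREN, "/WFC/Repository"),
    Rule("Contractors", "ExampleViewer", "Denied", CHILDREN_ONLY, "/WFC/Repository/Finance"),
    Rule("Auditors", "ExampleViewer", "Over Permitted", FOLDER_ONLY, "/WFC/Repository/Finance"),
]

if __name__ == "__main__":
    for rule, inherited in rules_on_resource(SAMPLE, "/WFC/Repository/Finance/Q1"):
        print(rule.subject, rule.access, rule.set_on, "(inherited)" if inherited else "")
```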

Procedure: How to View Rules Which Use a Selected Role

We recommend that you check where a role is used before deleting it.

  1. In the Security Center, click the Roles tab.
  2. Right-click a role, point to Security, and then click Rules using this Role.
  3. To produce a rich text version of the information displayed in the dialog box, click Create Report.