[Dr.WoW] [No.44] Configuring Role Authorization

Latest reply: Oct 26, 2015 02:32:18

In SSL VPN services, the company administrator can create different "special menus" for different users, which provides access control over Web resources and non-Web resources. On Huawei's firewalls, control over which resources each user can access is implemented through role authorization. All users in one role have the same permissions. The role is the bridge that connects users/groups with service resources: the administrator adds users or groups that need the same permissions to a role, and then associates service resources with that role.

Figure 1-1 shows that a role can contain multiple users/resources, and can also be associated with multiple service resource items.

Figure 1-1 Relationship between role and user/user group and resources


The specific controls that can be linked to these roles are as follows:

  • Service authorization (enable)

    Designates the services (such as Web proxy, file sharing, port forwarding and network extension) that users within a role can use.

  • Resource authorization

    For the Web proxy, file sharing and port forwarding services, assuming the service has already been enabled, this designates the specific resources that can be accessed. If specific resources are not designated, users within the role will be unable to access any resources.

    For the network extension service, assuming the service has already been enabled, user-based security policies can be used to conduct permission control over remote user access to resources. For specifics please see "8.7.2 Configuring a Security Policy in a Network Extension Scenario."

Following the above approach, we've created different roles (usera and master) for ordinary employees and managers, and then designated different resources for each role. In this way we achieve fine-grained, role-based resource access control.

Figure 1-2 Configuring role authorization


After completing the above configuration, ordinary employees and managers will each see their own resource interface after logging in to the virtual gateway, as shown in Figure 1-3.

Figure 1-3 Resource interfaces after user login
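
The role authorization logic described above, as an added Python model that is not part of the original post and is not Huawei firewall code: it computes the resource menu a user sees after login and audits roles for settings that silently deny access. The user, group and resource names are constructed, treating membership in several roles as additive is an assumption, and network extension is left out because the post places it under security policies.

```python
from dataclasses import dataclass, field

# Services whose reachable resources are designated per role (per the post).
RESOURCE_SERVICES = {"web_proxy", "file_sharing", "port_forwarding"}

@dataclass
class Role:
    name: str
    users: set = field(default_factory=set)
    groups: set = field(default_factory=set)
    enabled: set = field(default_factory=set)      # service authorization
    resources: dict = field(default_factory=dict)  # resource authorization: service -> names

def roles_for(user, user_groups, roles):
    """Roles held directly or through a group."""
    return [r for r in roles if user in r.users or r.groups & set(user_groups)]

def menu(user, user_groups, roles):
    """Per-service resources shown after login (assumption: several roles add up)."""
    out = {}
    for role in roles_for(user, user_groups, roles):
        for svc in role.enabled & RESOURCE_SERVICES:
            # An enabled service with no designated resources grants nothing.
            out.setdefault(svc, set()).update(role.resources.get(svc, set()))
    return {svc: res for svc, res in out.items() if res}

def can_access(user, user_groups, roles, service, resource):
    return resource in menu(user, user_groups, roles).get(service, set())

def audit(roles):
    """Report role settings that leave users with less access than intended."""
    findings = []
    for role in roles:
        for svc in sorted(role.enabled & RESOURCE_SERVICES):
            if not role.resources.get(svc):
                findings.append((role.name, svc, "enabled, no resources designated"))
        for svc in sorted(set(role.resources) - role.enabled):
            findings.append((role.name, svc, "resources designated, service not enabled"))
    return findings

# Constructed sample data; only the role names usera and master come from the post.
ROLES = [
    Role("usera", groups={"employees"}, enabled={"web_proxy", "file_sharing"},
         resources={"web_proxy": {"intranet-portal"}}),
    Role("master", users={"alice"}, enabled={"web_proxy", "port_forwarding"},
         resources={"web_proxy": {"intranet-portal", "finance-web"},
                    "port_forwarding": {"erp-telnet"}, "file_sharing": {"mgmt-share"}}),
]
```

Running `audit(ROLES)` before rollout surfaces the two cases where the menu would be empty for a service the administrator meant to offer.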


user_2790689
Created Oct 26, 2015 02:32:18

Thank you.
