A Security Policy object is created in the Security container when you install NMAS. The Security Policy object lets you create, view, and rename clearances, security labels, and categories for your NMAS implementation. You can then use these names to assign security labels to any eDirectory attribute or NetWare volume. You can also assign clearances to User objects in your eDirectory tree from the user's property page.
In addition to the three integrity and three secrecy categories (Biometric, Token, Password) that are predefined, you can define your own secrecy and integrity categories for use in creating security labels. For example, the Biometric integrity and secrecy categories indicate that access to an object is restricted to users who log in with a biometric method.
After you have created a category, you cannot delete it. You can view or rename it.
In ConsoleOne, double-click the Security Container > Security Policy.
Click the Define Categories tab, then select either Secrecy Categories or Integrity Categories.
Click Add, then specify a name for the category.
Click OK.
The new category is now available for use in defining a security label.
NMAS provides eight security labels by default. Security labels are also used as single-level security clearances.
After you have created a security label, you cannot modify it or delete it. You can view its properties and rename it.
When you create a clearance, you select two labels: a Read label and a Write label. The Read label must dominate or be equal to the Write label. In fact, when creating a security clearance, you won't have the option to select a Write label that dominates the Read label.
For example, the Password & Token security label has dominance over the Password security label, so you could select the Password & Token label as your Read label and the Password label for your Write label.
You can also define your own security clearances to meet your company's authentication needs.
After you have created a clearance, you cannot modify it or delete it. You can view its properties and rename it.
In ConsoleOne, double-click the Security Container > Security Policy.
Click the Clearances tab > Definition.
Click New Clearance, then specify a name for the clearance.
Select a security label from the Read label drop-down list.
This label is the Read label for this clearance. You must select a Read label before you can select a Write label.
Select a security label from the Write label drop-down list.
This label is the Write label for this clearance. You can't select a Write label that has greater dominance than the Read label.
Click OK or Apply.
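The Read/Write label rule from the clearance description and steps above, as an added example (not Novell's code and not part of the original page). It assumes a simplified model in which a label is a set of the three predefined categories and one label dominates another when it contains all of the other's categories, which agrees with the Password & Token over Password case; all function names are hypothetical.

```python
from itertools import combinations

# The three predefined categories named on the page.
CATEGORIES = ("Biometric", "Token", "Password")


def all_labels():
    """Every subset of the categories. Assumed model: 2**3 = 8 labels,
    the same count as the eight default labels the page mentions."""
    return [frozenset(c)
            for n in range(len(CATEGORIES) + 1)
            for c in combinations(CATEGORIES, n)]


def dominates(a, b):
    """Assumed rule: a dominates or equals b when a holds every category of b."""
    return a >= b


def name(label):
    """Render a label as 'Password & Token'; the empty set has no page-given name."""
    return " & ".join(sorted(label)) or "(no categories)"


def selectable_write_labels(read_label):
    """Write labels the drop-down could offer once a Read label is chosen."""
    return [w for w in all_labels() if dominates(read_label, w)]


def validate_clearance(read_label, write_label):
    """Reject a clearance whose Read label does not dominate or equal its Write label.
    This also rejects incomparable pairs such as Read=Password, Write=Token."""
    if not dominates(read_label, write_label):
        raise ValueError(f"Read label '{name(read_label)}' does not dominate "
                         f"Write label '{name(write_label)}'")
    return (read_label, write_label)


if __name__ == "__main__":
    read = frozenset({"Password", "Token"})
    print("Read label:", name(read))
    for w in selectable_write_labels(read):
        print("  allowed Write label:", name(w))
    try:
        validate_clearance(frozenset({"Password"}), frozenset({"Token"}))
    except ValueError as exc:
        print("rejected:", exc)
```

Under this model two labels can be incomparable (neither dominates the other), and such a pair is rejected just like a Write label that dominates the Read label.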
A quick way to determine the access rights a clearance allows to objects assigned a particular label is to view the Access page. Click Clearance > Access. This page shows the clearance a user needs in order to have Read and Write access, Read-only access, or No access to information and resources with a specific label.
To view the access rights for a clearance: