With NMAS, you can assign a security label to NetWare volumes and to any eDirectory attribute. Users who log in to the network can access only those areas, based upon their clearance and the resource's label.
For example, if you label a volume as Biometric & Token, an NMAS user must be assigned the Biometric & Token clearance and authenticate to the network using a Biometric & Token clearance in order to access the volume.
Authorized and default clearances can be assigned to a user, a container, a partition root, or the login policy object. NMAS searches for the authorized or default authorized and default clearances for a user by attempting to read the attributes from the User object first, then the container of the user object, then the partition root of the user object, and finally the login policy object.
The clearances assigned to the User object supersede any clearances assigned to the container, partition root, or login policy object. If a clearance has been assigned to a partition root, that clearance applies to all the users under that partition root only if a clearance has not already been individually assigned to specific users.
Also, a clearance assigned to a container applies only to the users with unassigned clearances in that container, and not to the users in subcontainers of that container.
IMPORTANT:Labels assigned to traditional NetWare volumes (non-NSS volumes) are not effective until the volume is dismounted and mounted again.
To use ConsoleOne to assign a security clearance to a volume:
In ConsoleOne, right-click a volume.
Click
> click the tab.Select a security label from the
drop-down list.Click
to finish.(Conditional) If you are using traditional NetWare volumes (non-NSS volumes), dismount and mount the volume again for the labels to take effect.
To use iManager to assign a security clearance to a volume:
In iManager, click
> .Browse for and select a volume, then click
.Click the
tab.Select a security label from the
drop-down list.Click
or .(Conditional) If you are using traditional NetWare volumes (non-NSS volumes), dismount and mount the volume again for the labels to take effect.
To use ConsoleOne to assign a security clearance to eDirectory attributes:
In ConsoleOne, click the
, then double-click the Security Policy object, then click .Click the label next to the directory attribute.
Click the down-arrow, then select a new label from the drop-down list.
After making all necessary changes, click
or to save the changes.To use ConsoleOne to assign a security clearance to eDirectory attributes:
In iManager, click
> .Browse for and select the Security container, select
, then click .Click the
tab.Click the label next to the directory attribute.
Click the down-arrow, then select a new label from the drop-down list.
After making all necessary changes, click
or to save the changes.