Your print system is designed to take full advantage of eDirectory™. You receive all the benefits of eDirectory security and the easy management provided by the industry’s most advanced and robust directory service. The Access Control feature lets you specify the access that each User, Group, or container object has to your printing resources.
Access control roles are mutually exclusive, even though the same individual might need to perform tasks reserved for different roles. For example, only printer Managers can add or delete printer Operators or printer users. In a similar way, Managers and Operators must also be designated as Users for a printer before they can submit print jobs to it.
In actual implementation, the defaults prevent most problems that might occur from these distinctions. For example, a Manager is automatically designated an Operator and User, an Operator of a printer is automatically designated a User of that printer. You cannot remove the User role from an Operator, and you cannot remove the Operator and User roles from a Manager.
The creator of an object is automatically granted privileges for all available roles for the type of object being created.
The following sections describe some of the security issues and features you might find useful as you plan your print system setup:
Printer security is ensured through the assignment of the Manager, Operator, and User access control roles and by the strategic placement of your printers and printer configurations.
You can assign multiple Printer objects to represent a single Printer Agent. You can then make different access control assignments to each Printer object. This can be an especially useful option if you want to allow users in different containers to use the same printer, because each group of users can be given different rights to the printer.
A physical printer cannot be a controlled access printer and a public access printer at the same time. However, if you delete all the Printer objects representing a Printer Agent, that printer becomes a public access printer.
IMPORTANT:We recommend that you do not use public access printers because you lose management capabilities. Using controlled access printers lets you manage printers through iManager, use the printer with iPrint, and take advantage of advanced iPrint features such as downloading printer drivers.
The following sections describe security options for printers in more detail:
Different User, Group, or Container objects can have different access rights to the same printer. For example, if you want only certain users to be able to send jobs to a particular printer, you can specify which users should have access and what access roles each should have.
The following table describes the rights and privileges associated with each of the printer access control roles.
Table 8-1 Printer Access Control Roles
Different User, Group, or container objects can have different access rights to the same printer. For example, if you want only certain users to be able to send jobs to a particular printer, you can specify which users should have access and what access roles each should be given.
In Novell iManager, click > .
Browse to and select the printer you want to enable Access Control for.
Click .
Add or delete Users, Groups, or Container objects to the different access control roles.
Click .
In addition to configuring access control through printers, you can also configure access control through User objects.
The following procedure assumes that you are modifying the attributes for an existing User. You can also adapt this procedure if you are creating a new User object.
From the NetWare Administrator browser’s menu, select the User object you want to configure access control for, and then click .
A list of available printers is displayed with icon representations of the three Access Control roles: , , and .
Select the printer that you want to assign this user an access control role for.
Select the roles you want this user to be assigned for this printer.
If you select , this user is automatically assigned and roles as well. and roles are assigned independently. Keep in mind that a User object must be assigned the access control role of User in order to submit print jobs to that printer.
(Optional) Click the button to configure event notification for this user.
Click .
Depending on your organization’s needs, you can attach printers directly to NetWare® servers or to the network. Both types of setup can provide security and administrative advantages. The ideal combination for each installation is different and changes as needs change. Be sure to consider the advantages of each approach when you set up your network.
Connecting the printer to the server places the two resources in close proximity to each other. If the server is in a secure location, this means that the printer is locked up with the server. This might be an advantage. For example, your company might use that printer to print confidential documents. Having the printer in a secure location protects these documents.
Because most printers are already network-enabled, the most common type of network setup includes printers attached directly to the network. This allows the printer to be placed in a convenient location for all users, and places it away from the server for security reasons. Users who use the printer do not usually have access to the server console. Security is still maintained by requiring users to use a password to log in to the network before they can use the printer.
Print Manager security is ensured through the assignment of the Manager access control role.
The only access control role available for the Print Manager is that of Manager. The following table explains the tasks performed by the Manager role.
Table 8-2 Print Manager Access Control Role
In Novell iManager, click > .
Browse to and select the Print Manager you want to enable access control for.
Click .
Add or delete Users, Groups, or Containers to the Manager role.
Click .
Broker security is ensured through the assignment of the Manager access control role and by the optional assignment of a password to the Broker.
The access control roles available to the Broker are Manager and Public Access User. The following table explains the roles.
Table 8-3 Broker Access Control Roles
To make Manager assignments for your Broker objects
In Novell iManager, click > .
Browse to and select the Broker you want to enable access control for.
Click the .
or Users, Groups, or Containers to the Manager role.
Click .