3Com 10031370-01 Server User Manual


 
1-2 C
HAPTER
1: I
NTRODUCING
S
ECURITY
A complete description of all possible permissions appears in the Security Objects
and Permissions section later in this chapter.
A permission can be:
Grantedyou can do the action
Deniedyou cannot do the action
Inheritedyou can or cannot do the action based on the permissions defined
for your group
Irrevocableyou can do the action and the permission cannot be denied.
To learn more about the types of permissions, see Icon ListPermission Icons
on
page 1-4.
Accounts An account does for CommWorks IP Fax Solutions roughly what a domain
does for Windows NT. Here are some attributes of accounts:
Each account contains one or more users
Every user belongs to one account
Users have more rights to things that belong to their own account, than they
do to things that belong to other accounts. For example, a user might have
read-access to a public phonebook created by another user who belongs to the
same account, but would have no access to phonebooks created by users who
belong to a different account.
Each account has its own administrator. Administrators have all-powerful
privileges to things (e.g. end-users and fax-jobs) which belong to their own
account, but no privileges to things that belong to another account.
Groups Setting up and managing security is easier when objects and users are grouped.
Create groups of users to assign similar permissions. For example, you might have
a Sales User group that has permission to use the same fax port device.
Create groups of objects to assign users similar permissions to use tham. For
example, a subset of modems called Sales might be accessable only by members
of the Sales User group.
Positive and Negative
Security Permissions
Grant permission to do something (positive) or deny permission to do something
(negative). The following is an example of a negative permission:
Assume that All Fax Users have permission to use and monitor fax port
number 2. Sales users are to use this port, but are not to monitor it. In this