Adding Security Categories and Levels

To add security categories and levels, use the Mandatory Access Control section on the navigation panel.

NOTE. When roles of information security administrator and application administrator are separated, the Mandatory Access Control tab is available only for information security administrator.

The section is based on the mandatory access control method and is used to generate a list of security categories and levels that will be used to separate permissions.

Make sure that the Use Mandatory Access Control checkbox is selected in the access control.

NOTE. In the web application, the list of security categories and levels is shown as a hierarchy.

To add a security category:

In the web application click the Create Category button on toolbar.

In the desktop application execute one of the operations:

Click the Add button below the Categories list.
Select the Mandatory-Access Control > New Category main menu item.

After executing one of the operations the Category Parameters dialog box opens:

Set parameters in the Category Parameters dialog box or on the Properties side panel:

Name. Name of the security category to be created. It is determined by the administrator according to the category purpose.
Category Type. Security category type is determined:

Hierarchical. When the Hierarchical checkbox is selected, levels are compared by values of the access control. Label comparison results in a higher or lower access level.
Non-hierarchical. When the Hierarchical checkbox is deselected, label comparison may result in label matching or mismatching, that is, scopes of security levels do not overlap.

For details about hierarchical and non-hierarchical categories see the Setting Up Mandatory Access Control section.

To add security levels in the selected category:

In the web application click the Create Level button on toolbar. Set security level parameters on the Properties side panel.
In the desktop application click the Add button located below the Levels list. The Security Level Parameters dialog box opens.

To edit a security category or level:

In the web application select security category/security level. On the Properties side panel make necessary changes in the security category or security level settings.

In the desktop application double-click the selected list element. The same dialog box opens as on adding a category or level.

To delete a security category or level:

In the web application click the Delete button on toolbar.

In the desktop application click the Delete button located below the list.

In the web application click the Save button on the toolbar or on the side panel.

In the desktop application execute one of the operations:

Select the Repository > Apply Security Policy main menu item.
Click the Apply Security Policy button on the toolbar.

NOTE. If section parameters have been changed, an attempt to go to another section of the security manager or to close it displays a request to apply changed settings.