User1. Restricted access (1).The tool supports interface of Foresight Analytics Platform 9 or earlier.
The level-based access control method is used to grant permissions via platform means and is based on assigning a criticality label to system objects and subjects. The method is similar to mandatory access control method.
NOTE. The security level-based access control method can be used together with the discretionary access control method.
If the security level-based access control method is used, all system objects and subjects are assigned with a security level. All security levels have different criticality labels. The security level has a higher security if the value of its criticality label is lower.
The Level-based access control method is set up by:
The owner of the ADMIN schema.
Members of the Administrators group.
Users with the following privileges: Login; Changing User Permissions, Distributing Roles, Changing Policy; Changing Security Label and Access Control List of Any Object. Browsing all objects in the navigator; Read and Write Permission for All Objects.
Information security administrator on administrator roles separation.
To use the level-based access control method:
Select the Use Security Levels checkbox on the Access Control tab of the policies editor.
Create user accounts and groups of users.
Add security levels.
Level-based control determined possibility to read and edit objects; permissions to delete objects are not determined by the control. In this context, editing objects means changing their contents or access permissions.
A subject can read an object and write to it if the user criticality label is lower than or equal to object criticality label.
The specific level with the security label 0 means that the user is denied to read and write information. A user with this level has no access to any repository object. If this level is assigned to an object, none of the users can have access to it.
Suppose, there are several security levels:
0. Access denied.
1. Restricted access.
2. Limited access.
3. Public access (general use).
Three users with the security levels as follows:
User1. Restricted access (1).
User2. Limited access (2).
User3. Public access (3).
Three objects with the security levels as follows:
a. Restricted access (1).
b. Limited access (2).
c. Public access (3).
Therefore, the structure of the system can be shown as the following chart:
Chart rings are objects, chart sectors are users.
Y. Objects available for read and edit.
N. Objects unavailable for users.
See also:
Selecting Access Control Methods and Their Setup | Adding Security Levels