Customizing Security Policies
The ARM enables operators to fine-tune the Security Level of each operator by attaching one or more ‘Security Policy’ entities to each operator.
A ‘Security Policy’ defines an operator's Security Level.
The feature allows a ‘Security Admin’ to define a stricter write (Add or Edit) Security Level for ‘Monitor’ operators, limited to a subset of ARM actions:
■ Routing - Routing Groups and Routing Rules
■ User Management - Adding, updating, or removing LDAP servers, Azure AD, file repository, or any local user.
For example, attaching a Security Policy to an operator with routing permissions allows that operator to exclusively make basic edits/changes to Routing Rules.
The default behavior remains the same.
Three default Security Policies are available, one for each Security Level:
■ Monitor (without any write access)
These default Security Policies are attached to the default ‘Operator’ shipped with the ARM.
● ‘Monitor’ Security Policy allows ‘Read All’ access to any ARM action (excluding security and license settings).
● Security Policy adds ‘Write’ access to some ARM actions.
● ‘Monitor’ is the base Security Policy in the ARM. Always customize a Security Policy based on ‘Monitor’.