Administrative Access Rules

Administrative Access rules allow you to specify access and encryption settings for local and remote Fm Variable:Filename (Short) administrators.

Local Administrative Access

The Local Access Rules dialog window lets you add or modify administrative access rules for local Administration Stations. Use the fields in the dialog window to type the configuration information for the rule.

• Rule Index (No) -- (Optional) Assigns a number to a rule. By default, this field displays a number one greater than the last rule (indicating this rule will be placed bottom of the list). If you type a lower number, the new rule is inserted into the specified position in the list, and the rules currently in the configuration are renumbered.

• Screen -- (Optional) Specifies the Screen for which you want the rule to apply. Type a specific Screen name in this field if you use centralized management and want a rule to apply to a specific Screen.

• User -- Lists the user names of SunScreen EFS administrators. Use the names that you defined for the Administrative User object.

• Access Level -- Specifies what actions the designated user can perform:

  • ALL -- Allows administrator to display and modify all setting for the Screen.

  • WRITE -- Administrator can perform all operations except modifying the Administration Access rules for any Policy.

  • READ -- Administrator can view both the Information and Policy. This level also allows the user to save and clear logs on the information page. With this access level users cannot modify any Policy data.

  • STATUS -- Administrator can display status information (logs, statistics, status information) but cannot display or modify management settings.

  • NONE

• Description -- (Optional) Provides a brief description of the Administrative Access rule.

Remote Administrative Access

The Remote Access Rules dialog window lets you add or modify administrative access rules for remote administration stations. Use the fields in the dialog window to type the configuration information for the rule.

• Rule Index (No) -- (Optional) Assigns a number to a rule. By default, this field displays a number one greater than the last rule (indicating this rule will be placed bottom of the list). If you type a lower number, the new rule is inserted into the specified position in the list, and the rules currently in the configuration are renumbered.

• Screen -- (Optional) Specifies the Screen for which you want the rule to apply. Type a specific Screen name in this field if you use centralized management and want a rule to apply to a specific Screen.

• Address Object

• User -- Lists the user names of SunScreen EFS administrators. Use the names that you defined for the Administrative User object.

• Encryption -- Specifies the version of SunScreen SKIP being used to encrypt traffic between the Screen and the Administration Station.

• Certificate Group -- Specifies the name of the certificate group allowed in over this interface, which can correspond to a single certificate or a certificate group.

• Key Algorithm -- Identifies the algorithm used to encrypt traffic-encrypting issued certificates (keys). The algorithms available depend on the version of SunScreen EFS (U.S.&Canada, Export Controlled, or Global) you are using.

• Data Algorithm -- Identifies the algorithm used to encrypt message traffic between the Screen and the Administration Station. The algorithms available depend on the version of SunScreen EFS (U.S/Canada,Export Controlled, or Global) you are using.

• MAC Algorithm -- Identifies the algorithm used to authenticate traffic.

• Tunnel -- Identifies the Tunnel address used for the communication between the remote Administration Station and the Screen.

• Access Level -- Specifies what actions the designated user can perform:

  • ALL -- Administrator can display and modify all setting for the Screen.

  • WRITE -- Administrator can perform all operations except modifying the Administration Access rules for any Policy.

  • READ -- Administrator can view both the Information and Policy. This level also allows the user to save and clear logs on the information page. With this access level users cannot modify any Policy data.

  • STATUS -- Administrator can display status information (logs, statistics, status) but cannot display or modify management settings.

  • NONE

• Description -- (Optional) Provides a brief description of the remote administrative access rule.