SunScreen 3.1 Reference Manual

Administrative Access Tab

The Administrative Access rules tab shows access and encryption settings for local and remote administration. FIGURE 5-45 shows the Administrative Access tab. You set the values reflected on the two panels of this tab through the dialog box for each panel.

Figure 5-45 Administrative Access Tab

Access Rules for GUI Local Administration

Use the Access Rules for GUI Local Administration dialog box , shown in FIGURE 5-46, to add or modify administrative access rules for local Administration Stations.

Figure 5-46 Local Access Rules Dialog Box

TABLE 5-42 describes the controls for the Local Access Rules dialog box.

Table 5-42 Controls for the Local Access Rules Dialog Box


Control	Description
Rule Index	Assigns a number to a rule. By default, this field displays a number one greater than the last rule (indicating this rule will be placed bottom of the list). If you type a lower number, the new rule is inserted into the specified position in the list, and the rules currently in the configuration are renumbered.
Screen	(Optional) Specifies the Screen for which you want the rule to apply. Type a specific Screen name in this field if you use centralized management and want a rule to apply to a specific Screen. The default All applies to all Screens.
User	Lists the user names of SunScreen administrators. Use the names that you defined for the Administrative User object.
Access Level	Specifies what actions the designated user can perform. ALL - Allows the administrator to display and modify all setting for the Screen. WRITE - The administrator can perform all operations except modifying the Administration Access rules for any Policy. READ - The administrator can view both the Information and Policy. This level also allows the user to save and clear logs on the information page. With this access level users cannot modify any Policy data. STATUS - The administrator can display status information (logs, statistics, status information) but cannot display or modify management settings. NONE - The administrator no longer has any access. This switch prevents an administrator who had access from logging in without having to remove that administrator from the database.
Description	(Optional) Provides a brief description of the Administrative Access rule.
Move	Allows you to assign a new rule index number for the rule that you highlighted in the Access Rules for GUI Local Administration panel of the Administrative Access tab.
Delete	Deletes the access rule that you highlighted in the Access Rules for GUI Local Administration panel of the Administrative Access tab.
Help	Displays the online help.

The Access Rules for Remote Administration

Use the Remote Access Rules dialog box , shown in FIGURE 5-47, to add or modify administrative access rules for remote administration stations. The certificates used here must be of the same strength and type as those defined in the screen object. The entries here determine what type of remote Administration Station the Screen will accept. The Screen only uses the administration certificate field of the Screen object here.

Figure 5-47 Remote Access Rules Dialog Box

TABLE 5-43 describes the controls for the Remote Access Rules dialog box.

Table 5-43 Controls for the Remote Access Rules Dialog Box


Control	Description
Rule Index	(Optional) Assigns a number to a rule. By default, this field displays a number one greater than the last rule (indicating this rule will be placed bottom of the list). If you type a lower number, the new rule is inserted into the specified position in the list, and the rules currently in the configuration are renumbered.
Screen	(Optional) Specifies the Screen for which you want the rule to apply. Type a specific Screen name in this field if you use centralized management and want a rule to apply to a specific Screen. The default All applies to all Screens.
Address Object	Specifies from where users may initiate a connection.
User	Lists the user names of SunScreen administrators. Use the names that you defined for the Administrative User object.
Encryption	Specifies the version of SunScreen SKIP being used to encrypt traffic between the Screen and the Administration Station.
Certificate Group	Specifies the name of the certificate group, which can correspond to a single certificate or a certificate group, allowed over this interface.
Key Algorithm	Identifies the algorithm used to encrypt traffic-encrypting keys. The algorithms available depend on the strength of encryption (128 bit, or 56 bit) that you are using with SunScreen.
Data Algorithm	Identifies the algorithm used to encrypt message traffic between the Screen and the Administration Station. The algorithms available depend on the strength of encryption (128 bit or 56 bit) that you are using with SunScreen.
MAC Algorithm	Identifies the algorithm used to authenticate traffic.
Tunnel	Identifies the tunnel address used for the communication between the remote Administration Station and the Screen.
Access Level	Specifies what actions the designated user can perform: ALL - The administrator can display and modify all settings for the Screen. WRITE - The administrator can perform all operations except modifying the Administration Access rules for any Policy. READ - The administrator can view both the Information and Policy. This level also allows the user to save and clear logs on the information page. With this access level users cannot modify any Policy data. STATUS - The administrator can display status information (logs, statistics, status) but cannot display or modify management settings. NONE - The administrator does not have access.
Description	(Optional) Provides a brief description of the remote administrative access rule.
Move	Enables you to assign a new rule index number for the rule that you highlighted in the Access Rules for Remote Administration panel of the Administrative Access tab.
Delete	Deletes the access rule that you highlighted in the Access Rules for Remote Administration panel of the Administrative Access tab.
Help	Displays the online help.