Table 17–6 lists and describes the seven example policies and roles that are created in Sun Java System Access Manager when the Instant Messaging service component is installed. You can add end users to different roles according to the access control you want to give them.
A typical site might want to assign the role IM Regular User (a role that receives the default Instant Messaging and Presence access) to end users who simply use Instant Messenger, but have no responsibilities in administering Instant Messaging policies. The same site might assign the role of IM Administrator (a role associated with the ability to administer Instant Messaging and Presence services) to particular end users with full responsibilities in administering Instant Messaging policies. Table 17–7 lists the default assignment of privileges amongst the policy attributes. If an action is not selected in a rule, the values allow and deny are not relevant as the policy then does not affect that attribute.
Table 17–6 Default Policies and Roles for Sun Java System Access Manager
Policy |
Role to Which the Policy Applies |
Service to Which the Policy Applies |
Policy Description |
---|---|---|---|
Default Instant Messaging and presence access |
IM Regular User |
sunIM, sunPresence |
The default access that a regular Instant Messaging end user should have. |
Ability to administer Instant Messaging and Presence Service |
IM Administrator |
sunIM, sunPresence |
The access that an Instant Messaging Administrator has, which is access to all Instant Messaging features. |
Ability to manage Instant Messaging news channels |
IM News Administrator |
sunIM |
End users can manage news channels by creating, deleting, etc. |
Ability to manage Instant Messaging conference rooms |
IM Conference Rooms Administrator |
sunIM |
End users can manage conference rooms by creating, deleting, etc. |
Ability to change own Instant Messaging user settings |
IM Allow User Settings Role |
sunIM |
End users can edit settings modifying values in the Settings dialog box in Instant Messenger. |
Ability to send Instant Messaging alerts |
IM Allow Send Alerts Role |
sunIM |
End users can send alerts in Instant Messenger. |
Ability to watch changes on other Instant Messaging end users |
IM Allow Watch Changes Role |
sunIM |
End users can access the presence status of other Instant Messaging end users. |
Table 17–7 Default Policy Assignments
Policy |
|||||||
---|---|---|---|---|---|---|---|
Attribute |
Default access |
Can administer Instant Messaging and Presence Service |
Can manage news channels |
Can manage conference rooms |
Can change own end-user settings |
Can send alerts |
Can watch changes to other users |
sunIMAllowChat |
allow |
allow | |||||
sunIMAllowChatInvite |
allow |
allow | |||||
sunIMAllowForumAccess |
allow |
allow |
allow | ||||
sunIMAllowForumManage |
deny |
allow |
allow | ||||
sunIMAllowForumModerate |
deny |
allow |
allow | ||||
sunIMAllowAlertsAccess |
allow |
allow |
allow | ||||
sunIMAllowAlertsSend |
allow |
allow |
allow | ||||
sunIMAllowNewsAccess |
allow |
allow |
allow | ||||
sunIMAllowNewsManage |
deny |
allow |
allow | ||||
sunIMAllowFileTransfer |
allow |
allow | |||||
sunIMAllowContactListManage |
allow |
allow | |||||
sunIMAllowUserSettings |
allow |
allow |
allow | ||||
sunIMAllowPollingAccess |
allow |
allow | |||||
sunIMAllowPollingSend |
allow |
allow | |||||
sunPresenceAllowManage |
allow |
allow | |||||
sunPresenceAllowAccess |
allow |
allow |
allow |
||||
sunPresenceAllowPublish |
allow |
allow |