Sun Java Communications Suite 2005Q4 Evaluation Guide

Procedure: To Provision Users with Access Manager

In this task, you perform feature-level access control, a powerful tool that enables or disables client functionality. You create a new instant messaging role and corresponding policy that limits the instant messaging functionality to the basic features. Users assigned to this new role are not able to join conference rooms, send polls, or perform any of the other advanced instant messaging tasks.

Access Manager uses the Instant Messaging Service and the Presence Service to manage the Instant Messaging policy. The Instant Messaging Service contains the policy rules for communicating with others, as well as the ability to chat, exchange files, join conferences, send alerts, and more. The Presence Service contains the policy rules for determining the ability of users to share their presence with others, as well as to access, manage, or publish one's presence.

Steps
  1. Use a completely new web browser to start Access Manager.

    For example, http://wireless.map.beta.com/amconsole.

    If you are using Internet Explorer for the Portal Server desktop and Communications Express, start Mozilla or Firefox.

  2. Log in as user amadmin with the password adminpass.

  3. In the top level organization (o=isp), choose Roles from the View drop-down menu in the left pane of the Access Manager console.

  4. Click New to create a new role.

    1. Select Static Role, type IM Limited User in the Name field, and click Next.

    2. Define the following:

      • Description: Limited access role

      • Type of Role: Service

      • Access Permissions: Organization Administrator

    3. Click Finish to create the role.

      Now that you have created this new role, create policies that apply to this role.

  5. In the top level organization (o=isp), choose Policies from the View drop-down menu in the left pane of the Access Manager console.

  6. Click New to create a new policy.

    1. Select Normal, and type Limited access instant messaging in the Name field.

    2. Click OK.

    3. In the Description field, type Policy for Limited access instant messaging users and click Save.

  7. Choose Rules from the View drop-down menu in the right pane of the Access Manager Console.

  8. Click the New button to define rules for this policy.

    1. Select Instant Messaging Service for the Rule Type and click Next.

    2. Type IMLimitedRule for the Rule Name.

    3. Type IMResource for the Resource Name.

    4. Select all Action check boxes.

    5. Click the Deny radio button for the following Actions:

      • Ability to Exchange Files

      • Ability to Join Conference Rooms

      • Ability to Manage Conference Rooms

      • Ability to Manage News Channels

      • Ability to Moderate Conference Rooms

      • Ability to Read News

      • Ability to Send Alerts

      • Ability to Send Polls

    6. Click Finish.

    7. Click Save.

      You have successfully created an Instant Messaging Service rule for this policy.

  9. Click New to define another rule for this policy.

    1. Select Presence Service for the Rule Type and click Next.

    2. Type PresenceLimitedRule for the Rule Name.

    3. Type PresenceResource for the Resource Name.

    4. Select all Action check boxes, but do not click any Deny radio buttons.

      All Actions are allowed.

    5. Click Finish.

    6. Click Save.

      You have successfully created a Presence Service rule for this policy.

  10. Choose Subjects from the View drop-down menu in the right pane of the Access Manager console.

  11. Click New to define the mapping between policies and roles.

    1. Ensure that the Subject Type is Access Manager Roles and click Next.

    2. Type IM Limited User in the Name field, then click Search to search through the list of available Access Manager Roles.

    3. Find the role isp > im limited user, highlight this role, and click Add.

    4. Click Finish.

    5. Click Save.

    The new roles and policies have been created. Next, you assign Tina to this new role and note the effect on her Instant Messaging client.

  12. Choose Roles from the View drop-down menu in the left pane of the Access Manager console.

  13. Click on the properties arrow to the right of the IM Limited User role.

    The IM Limited User pane appears.

  14. In the right pane, choose Users from the View drop-down menu.

    1. Click Add on the right pane.

    2. Type Tina in the User ID field and click Next.

    3. Select the check box next to Tina's name and click the Finish button.

      You have assigned Tina the Instant Messaging Limited User Role, so she has limited access to Instant Messaging.

    Duncan initially has kathy and robert in his Instant Messaging buddy list. The user tina has not yet been added. You can click the Start button from the same Instant Messenger window you used to start kathy. If you start Tina's Instant Messenger, notice that her window has very limited Instant Messaging functionality. This type of provisioning is feature-level provisioning, which involves defining roles and policies for these roles. Changing the policy has the effect of removing or adding functionality to the client itself. You can experiment with changing the policy and restarting Tina's client to observe the effect. You can also apply the appropriate role to others and see its effect as you start Instant Messaging as those users.
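
The role, policy, rules and subject mapping built in this procedure can be written down as data and checked, which is useful when you experiment with the policy and want to confirm that the eight restricted actions are still denied. The following Python model is an added example, not Access Manager code or its API. The two labels marked as constructed stand in for actions the page does not list, and the rule that Deny wins when two policies disagree is an assumption.

```python
from dataclasses import dataclass

ALLOW, DENY = "allow", "deny"
IM, PRESENCE = "Instant Messaging Service", "Presence Service"
# The eight actions that step 8 sets to Deny, labelled as in the console.
IM_DENIED = ["Ability to Exchange Files", "Ability to Join Conference Rooms",
             "Ability to Manage Conference Rooms", "Ability to Manage News Channels",
             "Ability to Moderate Conference Rooms", "Ability to Read News",
             "Ability to Send Alerts", "Ability to Send Polls"]

@dataclass
class Rule:
    name: str
    service: str
    resource: str
    actions: dict          # action label -> ALLOW or DENY

@dataclass
class Policy:
    name: str
    rules: list
    subject_roles: set     # roles named under Subjects

def limited_policy():
    """The policy from steps 6 to 11, expressed as data."""
    im = {action: DENY for action in IM_DENIED}
    im["Ability to Chat"] = ALLOW                       # constructed label, left at Allow
    presence = {"Ability to Publish Presence": ALLOW}   # constructed label
    return Policy("Limited access instant messaging",
                  [Rule("IMLimitedRule", IM, "IMResource", im),
                   Rule("PresenceLimitedRule", PRESENCE, "PresenceResource", presence)],
                  {"IM Limited User"})

def effective(user_roles, policies):
    """Merge the rules of every policy whose subjects include one of the user's roles.
    Assumption: when two policies disagree on an action, Deny wins."""
    decisions = {}
    for policy in policies:
        if not policy.subject_roles & set(user_roles):
            continue
        for rule in policy.rules:
            for action, decision in rule.actions.items():
                key = (rule.service, action)
                if decisions.get(key) != DENY:
                    decisions[key] = decision
    return decisions

def not_denied(user_roles, policies):
    """Actions the procedure means to block that this user is not denied."""
    eff = effective(user_roles, policies)
    return sorted(a for a in IM_DENIED if eff.get((IM, a)) != DENY)
```

An empty result from not_denied for Tina's roles means the policy still blocks everything step 8 intended; any label it returns is a restriction that was lost, for example by flipping a Deny radio button back to Allow or by removing the user from the role.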