Using Role Based Access Control (RBAC) to safely manage the NetScaler configuration

3:59 PM

System administration is a balancing act between security on the one hand and functionality and ease of use on the other. Deciding what type of information employees may access while keeping the entities fully secured is not an easy task. Role-based access control (RBAC) plays an important role in the separation of roles and the segregation of privileges. Roles are assigned to each user, and policies are created to enforce access to objects (entities) by the subjects (roles). This blog describes the flexibility and functionality of the RBAC module in a NetScaler appliance.

RBAC in a NetScaler appliance has four built-in roles: operator, read-only, network and superuser. The superuser role is similar to nsroot, the appliance's default administrator. The operator role allows you to perform basic operations on configuration entities, whereas the read-only role only lets you list the entities. The network role has more capabilities than the operator role, but still has some limitations. You can change these roles by changing the respective command spec using the following command.

> set system cmdPolicy <policyName> <action> <cmdSpec>

Here the action can be Allow or Deny, and cmdspec is a regular expression.

In addition to the default policies, the NetScaler appliance lets you create your own roles by running the "add cmdpolicy" command. The appliance's GUI has a good user interface for creating and testing a command spec. The NetScaler GUI shown in the screenshot below helps you create regular expressions if you are not well versed in them.

As with any policy in the NetScaler appliance, you must name the command policy. In the command spec, you must specify a regular expression. The analyzer on the right explains each expression you specify in the command spec field. The sample regular expression `(^show\s+(?!system).*)` used in the screenshot allows any show command other than "show system". Note that the analyzer contains the complete explanation of the regular expression.

The command test is an additional feature that you can use to test how a command spec behaves for a specific command. Commands shown in green match the policy, and commands shown in red do not match the policy.
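The same kind of command test can be reproduced offline before a policy is created. The following is an added example, not code from the original post or from Citrix: it uses Python's `re` module as a stand-in for the appliance's regex matching (an assumption, since the post does not say whether the appliance normalizes whitespace before matching), the sample commands are constructed, and `SPEC_TIGHTER` is a variant introduced here. It runs the post's sample spec and the tighter variant over the same commands, including a case with two spaces after `show`.

```python
import re

# Command spec from the post: allow any "show" command except "show system".
SPEC_FROM_POST = r"(^show\s+(?!system).*)"
# Tighter variant (added here, not from the post): the token after "show" must
# start with a non-space character, so backtracking on \s+ cannot step around
# the negative lookahead.
SPEC_TIGHTER = r"(^show\s+(?!system)\S.*)"

# Constructed sample commands for the test run.
SAMPLE_COMMANDS = [
    "show lb vserver",
    "show ns ip",
    "show system user",
    "show  system user",       # two spaces between "show" and "system"
    "set system user nsroot",
    "rm lb vserver v1",
]


def matches(cmd_spec: str, command: str) -> bool:
    """Return True when the command matches the spec from its first character.

    Assumption: Python's regex engine approximates the appliance's matching.
    """
    return re.match(cmd_spec, command) is not None


def command_test(cmd_spec: str, commands: list[str]) -> dict[str, bool]:
    """Mimic the GUI command test: map each command to match / no match."""
    return {command: matches(cmd_spec, command) for command in commands}


def report(cmd_spec: str, commands: list[str]) -> None:
    """Print one line per command, like the green/red list in the GUI."""
    print(f"cmdspec: {cmd_spec}")
    for command, hit in command_test(cmd_spec, commands).items():
        print(f"  {'MATCH   ' if hit else 'NO MATCH'}  {command!r}")


if __name__ == "__main__":
    report(SPEC_FROM_POST, SAMPLE_COMMANDS)
    report(SPEC_TIGHTER, SAMPLE_COMMANDS)
```

Under plain regex semantics the post's spec matches the two-space command because `\s+` can give back one space before the lookahead is evaluated; the tighter variant rejects it while still matching the other show commands.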

The NetScaler GUI provides additional flexibility to create the command spec according to different groups of entities in the NetScaler appliance. When you click Add, the Add command dialog box is displayed, as shown in the screenshot below. Here you can choose the entity group and the operations to be allowed for that particular group. You can exclude system commands that access system settings and require shell access.

In addition, you can choose different groups of entities, and the command spec is created on the basis of your selection. The Advanced tab has similar features, but there the command spec can be created for entities individually.

The next part of this blog will cover the use case deployment of this feature. Stay tuned.
