When you define a security context, you specify the types of resources to protect, for example, files and directories. Now you must specify exactly which resources and which actions to protect. For example, you might limit write access to files at a specific pathname.
Once you've defined resources, you define a security policy that matches resources to users and groups. You grant access to a protected resource by adding both rules and users to a policy. The users and user groups you add to a policy (you can think of them as policy holders) are authorized to use the resources protected by the security context .
Note ColdFusion 5 introduces a new Resources View in Advanced security. This view provides and easy-to-use, graphical way to specify resources you want to protect and add them to policies. Once you've specified user directories and created security contexts, you can configure all Advanced security settings in the new Resource View. |
You see the Resource View page.
In the Resource Browser, any resource type you selected when you created the current security context appears next to an icon that depicts a closed lock. This icon indicates that you can protect individual resources of this type. Resource types you did not select when you created the current context appear next to an icon that depicts an open lock.
You see the Add Resource dialog. The contents of this dialog are different for each resource type. For example, if you select CFML Tags, you see a drop-down list that contains all the ColdFusion tags; if you select Files and Directories, you see a text box where you enter the name of the file or path to protect.
You see the Resource View page again. At the bottom of the page, you see the Policy Editor for the resource you just specified.
For example, you could create a top-level security policy, called Platinum, to grant to certain users broad access to protected resources.
You see the Resource View page again, showing the policy you just created. Other available policies appear in a drop-down box at the bottom of the page.
Now you can add users to the policy.
Note Only groups are displayed when you add users to a policy. To enter an individual user, you must know the user login and enter it in the Enter User box. Displaying a list of all possible individual users, which could easily number in the thousands, would be a very impractical means of adding individual users to a policy. |
The users you have added to the security policy are now matched to the resources that you have also defined and added to the policy.