Advanced ColdFusion Administration Previous Up One Level Next Search
Configuring Advanced Security


Specifying Resources to Protect

When you define a security context, you specify the types of resources to protect, for example, files and directories. Now you must specify exactly which resources and which actions to protect. For example, you might limit write access to files at a specific pathname.

Once you've defined resources, you define a security policy that matches resources to users and groups. You grant access to a protected resource by adding both rules and users to a policy. The users and user groups you add to a policy (you can think of them as policy holders) are authorized to use the resources protected by the security context .


Note

ColdFusion 5 introduces a new Resources View in Advanced security. This view provides and easy-to-use, graphical way to specify resources you want to protect and add them to policies. Once you've specified user directories and created security contexts, you can configure all Advanced security settings in the new Resource View.

To protect resources:

  1. In the Advanced Server Security page, click Resources.

    You see the Resource View page.

  2. Select a security context from the Current Security Context drop-down box.

    In the Resource Browser, any resource type you selected when you created the current security context appears next to an icon that depicts a closed lock. This icon indicates that you can protect individual resources of this type. Resource types you did not select when you created the current context appear next to an icon that depicts an open lock.

  3. In the Resource Browser, select a resource type and then click the Add Resource button at the bottom of the page.

    You see the Add Resource dialog. The contents of this dialog are different for each resource type. For example, if you select CFML Tags, you see a drop-down list that contains all the ColdFusion tags; if you select Files and Directories, you see a text box where you enter the name of the file or path to protect.

  4. Specify the resource to protect and click OK.

    You see the Resource View page again. At the bottom of the page, you see the Policy Editor for the resource you just specified.

  5. Click Add Policy.
  6. Enter a name for the new policy and click OK.

    For example, you could create a top-level security policy, called Platinum, to grant to certain users broad access to protected resources.

  7. Write a description of the policy and click OK.

    You see the Resource View page again, showing the policy you just created. Other available policies appear in a drop-down box at the bottom of the page.

  8. Select the check boxes that correspond to the actions you want to protect.

    Now you can add users to the policy.

To add users and groups to a policy:

  1. Click the Edit Users button at the bottom of the Resource View page to open the Users page for the current policy. Click the Add/Remove button. ColdFusion opens the Add/Remove Users page for the current policy.
  2. Select from the available groups on the right side of the list control and click the left arrow to add them to the current policy. To add individual users, you enter a login name in the Enter User box and click Add.

Note

Only groups are displayed when you add users to a policy. To enter an individual user, you must know the user login and enter it in the Enter User box. Displaying a list of all possible individual users, which could easily number in the thousands, would be a very impractical means of adding individual users to a policy.


The users you have added to the security policy are now matched to the resources that you have also defined and added to the policy.

Copyright © 2001, Macromedia Inc. All rights reserved. Previous Up Next Search

Banner.Novgorod.Ru