Previous | Security Administration Manager | Next |
The left-hand panel of the Security Administration Manager (the security object hierarchy) shows the securable objects that have been loaded into the Security Administration Manager. The right-hand panel shows details of the object selected in the hierarchy. See The Security Administration Manager.
If the Security Administration Manager is launched from an instantiated object, the security object hierarchy will be automatically populated with objects, interfaces, and methods. If these objects are then assigned security access entries, they will be added to persistent storage.
When the Security Administration Manager is launched from a Service node, the security object hierarchy is empty. To populate it with entries from persistent storage, right-click on the root node and use one of the pop-up menu options, described below.
Different objects in the Security Administration Manager are identified by different icons in the security object hierarchy tree view.
The following options are used to populate the security object hierarchy. These options are accessed by right-clicking on the root node of the security object hierarchy.
This option retrieves the first 100 entries in the XML file. For performance reasons, the number of entries displayed at any one time is limited to 100.
This option is enabled after the Get First 100 Security Access Entries option has been used. This option retrieves the next 100 security access entries from the XML file. The previous 100 entries are removed from the hierarchy, so that a maximum of 100 entries are displayed at one time.
This option allows a single interface to be loaded from persistent storage. Enter an interface name in the dialog box displayed when this option is selected. If an entry exists in persistent storage for the object, or a method or interface relating to the object, the details are retrieved and added to the security object hierarchy.
This option allows a new security access entry to be added for an interface. Enter an interface name in the dialog box displayed when this option is selected. If an entry exists in persistent storage for the object, or a method or interface relating to the object, the details are retrieved and added to the security object hierarchy. If it does not exist, the details will be added to the security object hierarchy and a persistent storage entry will be created if Principals are added and saved.
In some circumstances, it is only possible to secure an object at the object level, not at the method level. In this situation, it is useful to exclude the object's methods from the object hierarchy. See Excluding Methods from the Security Manager for details.
The Security Administration Manager adds a new button to the tool bar.
Save Changes to Security Access Entries: Saves security access entries to XML files for persistent storage.
The Principals panel controls security access for the object, interface, or method selected in the security hierarchy. It consists of two sections: Add new principals and Access Entry Details.
The Access Entry Details list box lists all Principals who have been granted access to the class or method. The Add new principals list box lists all Principals that are available for adding to a class or method. This list is built dynamically as each node is selected. It is not a definitive list of all known Principals.
The following operations can be performed from the Principals panel of the Security Administration Manager:
These operations are described in the following sections.
A Principal must be added to a specific class or method. It is not possible to add a Principal to the list of Principals without also assigning it to a class or method.
A new Principal will be added to persistent storage with the ACL entry for the object, interface, or method it is added to.
Once a Principal has been added to one class or method, it is available to add to other classes and methods.
Principals applied to an object or interface are not automatically applied to every method of that object or interface. The following procedure should be used to cause a method to inherit its parent's security Principals.
Note that when a Principal has been removed from all classes and methods and the changes saved, it is no longer held in persistent storage. It remains in the Principals list until the Security Administration Manager is shut down.
There are two ways to remove all Principals from a class or method. The results of the two procedures are significantly different because of how empty ACLs are treated. See ACLs for more details.
This will leave the class or method's ACL with no Principals recorded against it. This has the effect of denying all access to the class (if Principals are removed at the class level) or method (if Principals are removed at the method level).
This will remove the class or method's ACL. This has the effect of removing all security from the class (if Principals are removed at the class level) or method (if Principals are removed at the method level) and allowing anyone access to it.
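The difference between an empty ACL and a removed ACL, as an added example (not code from the product): it audits a set of entries for nodes left open or locked to everyone. The dictionary layout, node names and Principal names are constructed, and evaluating each node against only its own ACL is an assumption based on the statements above.

```python
# Added example. The data layout and every name below are assumptions for
# illustration; this is not the product's XML schema or API.
from typing import Dict, List, Optional, Tuple

Acl = Optional[List[str]]  # list of Principals, or None when no ACL exists

# Constructed sample: securable node -> its ACL.
SAMPLE_ACLS: Dict[str, Acl] = {
    "Account": ["admins", "tellers"],
    "Account.getBalance": ["tellers"],
    "Account.close": [],      # all Principals removed, ACL kept
    "Account.audit": None,    # ACL itself removed
    "Ledger": None,           # never secured
}

def is_allowed(acl: Acl, principal: str) -> bool:
    """Apply the two rules from the text to a single node."""
    if acl is None:
        return True           # no ACL: no security, anyone may access
    return principal in acl   # empty ACL: nobody matches, all access denied

def classify(acl: Acl) -> str:
    if acl is None:
        return "open"
    return "restricted" if acl else "deny-all"

def audit(acls: Dict[str, Acl]) -> List[Tuple[str, str]]:
    """List nodes an administrator should review before saving changes."""
    findings = []
    for node, acl in sorted(acls.items()):
        state = classify(acl)
        parent = node.rsplit(".", 1)[0] if "." in node else None
        if state == "open":
            # A method does not pick up its parent's Principals automatically,
            # so an unsecured method can sit beneath a secured class.
            if parent and classify(acls.get(parent)) != "open":
                findings.append((node, "open under secured parent"))
            else:
                findings.append((node, "open"))
        elif state == "deny-all":
            findings.append((node, "deny-all"))
    return findings

if __name__ == "__main__":
    for node, finding in audit(SAMPLE_ACLS):
        print(f"{node}: {finding}")
```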
This procedure will delete all security access entries for an object or interface, and all security access entries for methods of that object or interface.
Note that the deleted Principals remain in the Principals list until another node in the security object hierarchy is selected.
Changes to the security configuration for a Service can be made while the Service is running or halted, but changes made while the Service is running do not take effect immediately. There are two ways in which security changes can be passed to a running Service:
This panel is only displayed when the Security Administration Manager has been invoked from a Service node (see Starting from a Service node).
The Interfaces panel lists the interfaces for the class selected in the security object hierarchy. These interfaces may have their own security access settings, and so can be loaded into the security object hierarchy.
To load an interface class into the hierarchy:
The class (including all of its methods) is loaded as a separate node in the security object hierarchy. If it has access details in persistent storage, they are also retrieved and loaded.