2 Replies Latest reply on Sep 5, 2012 5:04 PM by Pavel Rebenkov

    Applying authorizations to newly created system objects

    Pavel Rebenkov

      Hi all,


      I am currently implementing access control restrictions using RBAC in my environment and i having a bit of a problem understanding the use of object level authorizations.


      I have a number ACL policies that I have applied on a particular group of objects (servers for that matter), all the objects below that group received those policies, so far so good.


      but, if a user with a certain role adds a new object to that group, it receives only the permissions that were defined in the "Object Permissions Template" of that particular user's role, all the ACL policies that are applied on the rest of the objects in this group are not applied on the new object and i need to add the policies manually.


      Is there a way for an object to inherit ACL policies? or is there a more correct method for managing authorizations?


      I have to point out that I have several server platforms in the organization (unix,linux,NT,solaris...) If I have understood it correctly, managing authorizations using ACL policies in a multi-platform environment is much easier then managing them system authorizations or authorization profiles, I am quite new to this so please correct me if I'm wrong.