Permissions
Since version 4.3, BYODAPP Advanced Security offers a Permissions feature that lets the administrator manage and inspect user and group privileges.
On the Permissions dashboard, the list of users and groups and the list of available files, folders, registries and printers are shown side by side.
Everything is visible at a glance, which makes it easy to inspect and edit privileges for one user at a time and therefore to make restrictions more accurate.
Manage Permissions
On the Manage tab, for each user or group selected on the left tree view, you can:
- Deny - When clicking on the Deny button, the selected user will be denied privilege on the selected filesystem object. If a file is selected, then the selected user is denied the privilege of reading the selected file (FileSystemRights.Read). If a directory is selected, then the selected user is denied the privilege of reading and listing the directory content (FileSystemRights.Read and FileSystemRights.ListDirectory).
- Read - When clicking on the Read button, the selected user will be granted privilege on the selected filesystem object. If a file is selected, then the selected user is granted the privilege of reading the selected file and executing if the file is a program (FileSystemRights.ReadAndExecute). If a directory is selected, then the selected user is granted the privilege of reading and listing or executing the directory content (FileSystemRights.ReadAndExecute and FileSystemRights.ListDirectory and FileSystemRights.Traverse).
- Modify - When clicking on the Modify button, the selected user will be granted privilege on the selected filesystem object. If a file is selected, then the selected user is granted the privilege of modifying the selected file (FileSystemRights.Modify). If a directory is selected, then the selected user is granted the privilege of modifying and listing the directory content, as well as creating new files or directories (FileSystemRights.Modify and FileSystemRights.CreateDirectories and FileSystemRights.CreateFiles and FileSystemRights.ListDirectory and FileSystemRights.Traverse).
- Ownership - When clicking on the Ownership button, the selected user will be granted full control over the selected filesystem object (FileSystemRights.FullControl).
The same permission options are available for each registry, by selecting the corresponding button under the right tree view:
And for each printer:
Please note that all permissions denied or granted to a directory are applied recursively to the filesystem objects contained by this directory.
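To check from the Windows side what a button click produced, the following PowerShell functions (an added example, not BYODAPP's own code) map each button to the rights listed above and compare them with the ACL returned by Get-Acl. The function names, the sample path and the sample account are assumptions, and only ACEs that name the identity directly are considered.

```powershell
# Added example: function names are hypothetical, not part of BYODAPP Advanced Security.
function Get-ExpectedRights {
    param(
        [Parameter(Mandatory)][ValidateSet('Deny','Read','Modify','Ownership')][string]$Mode,
        [Parameter(Mandatory)][bool]$IsDirectory
    )
    # Rights per button, copied from the documentation above.
    $names = switch ($Mode) {
        'Deny'      { if ($IsDirectory) { 'Read, ListDirectory' } else { 'Read' } }
        'Read'      { if ($IsDirectory) { 'ReadAndExecute, ListDirectory, Traverse' } else { 'ReadAndExecute' } }
        'Modify'    { if ($IsDirectory) { 'Modify, CreateDirectories, CreateFiles, ListDirectory, Traverse' } else { 'Modify' } }
        'Ownership' { 'FullControl' }
    }
    [System.Security.AccessControl.FileSystemRights]$names
}

function Test-AppliedPermission {
    param(
        [Parameter(Mandatory)][string]$Path,
        [Parameter(Mandatory)][string]$Identity,
        [Parameter(Mandatory)][ValidateSet('Deny','Read','Modify','Ownership')][string]$Mode
    )
    $sidType = [System.Security.Principal.SecurityIdentifier]
    $sid     = ([System.Security.Principal.NTAccount]$Identity).Translate($sidType).Value
    $isDir   = Test-Path -LiteralPath $Path -PathType Container
    $expect  = [int](Get-ExpectedRights -Mode $Mode -IsDirectory $isDir)
    $type    = if ($Mode -eq 'Deny') { 'Deny' } else { 'Allow' }
    # Explicit and inherited ACEs naming this identity directly (group membership is not resolved).
    $aces = (Get-Acl -LiteralPath $Path).GetAccessRules($true, $true, $sidType) |
        Where-Object { $_.IdentityReference.Value -eq $sid }
    $found = 0; $deny = 0
    foreach ($ace in $aces) {
        if ($ace.AccessControlType -eq $type)  { $found = $found -bor [int]$ace.FileSystemRights }
        if ($ace.AccessControlType -eq 'Deny') { $deny  = $deny  -bor [int]$ace.FileSystemRights }
    }
    [pscustomobject]@{
        Path            = $Path
        Expected        = [System.Security.AccessControl.FileSystemRights]$expect
        Found           = [System.Security.AccessControl.FileSystemRights]$found
        Match           = ($found -band $expect) -eq $expect
        # A Deny ACE can override an Allow ACE, so a leftover Deny may defeat a later grant.
        ConflictingDeny = ($Mode -ne 'Deny') -and (($deny -band $expect) -ne 0)
    }
}

# Constructed sample values. Directory permissions are applied recursively, so check every child.
$root = 'C:\Data\Finance'; $user = 'CONTOSO\alice'
if (Test-Path -LiteralPath $root) {
    Get-ChildItem -LiteralPath $root -Recurse -Force |
        ForEach-Object { Test-AppliedPermission -Path $_.FullName -Identity $user -Mode Read } |
        Where-Object { -not $_.Match -or $_.ConflictingDeny }
}
```

Any row this prints is a child object whose ACL does not carry the expected rights for that account, or that still has an overlapping Deny entry.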
The diagram below details the API calls when rights are applied to a filesystem object:
Inspect Permissions
On the Inspect tab, for each folder, subfolder or file selected on the left tree view, you can see the permissions assigned to users or groups on the right tree view.
You can refresh the status of the folders so that they are updated in real time.
An audit can be enabled by selecting the desired folder, subfolder or file and clicking on the "Enable Audit" button at the top:
The "View Audit" button allows you to see the corresponding audit in the Event Viewer:
The same inspection options are available for each registry and printer by selecting the corresponding button under the left tree view: