Quick help – typical rights configuration scenario |
This section presents the scenario for setting access rights in a typical situation: operations on undefined USB devices are blocked (in particular, writing to files and executing files), while extended rights are assigned to a specific device, in this case - a corporate flash drive. A corporate flash drive is used by a certain group of users (in the following example - a department represented by Support map), which allows the transfer of corporate data between the workstations. Blocking the rights to write and execute for undefined USB devices To set the rights for a USB device: 1.Right click Atlas (Users tab) and navigate to the Atlas info window. 2.Navigate to the DataGuard tab and select the device group Other USB storage devices marked with the icon. Press Enter or double-click the selected row. 3.Set the access rights as shown in the following image and press Enter.
With such a configuration of rights, it is possible to read files from external media, but the ability to write data or run executables is blocked. If the audit is toggled on, users’ actions related to external media are monitored, i.e. the information on read files and writing/execution attempts are collected. The connecting and disconnecting of an external device is always monitored, regardless of the audit option setting. Creating a map of users utilizing the corporate flash drive If the corporate flash drive is available for a certain department or user group, creating a group enabling the easy management of access rights for these users is recommended. To create a group: 1.Right click the selected group or folder and select New / Group option.
2.Click the caption or use the Properties option to assign a name to the created map. To add a group to another (parent) group, navigate to its properties.
The next step is to copy the appropriate users to the created group. For this purpose, just select the users and drag the to the appropriate group. Setting rights for a corporate flash drive A corporate flash drive allows data to be transferred within a certain group of users. Therefore, file reading and writing are allowed for the given device. Program execution is still blocked to prevent the distribution of viruses. The enabled audit allows all operations performed on the given USB drive to be monitored. To set the access rights for a USB device: 1.In nVision’s main toolbar, select the Manage trustees option from the DataGuard section. 2.Click the Add access rights button and select the corporate flash drive from the list. 3.Set the access rights as shown in the following image and press Enter. Now users belonging to the Marketing group can read and write data from the Corporate Flash Disk” device. |