This page defines the set of URLs that iChain will grant access to for a specific secured resource, and the users that have access to that resource. ACL rules are only read for URLs matching a protected resource that has been defined as "Secure". The fields on this page are described below.
Allowed URLs
Add, modify, and delete a list of URLs that can be accessed by the list of approved
users. Access Control List (ACL) rules are also used to specify the URLs that will be
available for public access. In most cases, only one public access rule is required. All
of the ACL rules from a specified server are read into the iChain Proxy Server. After a
user has logged in, ACL rules control what secure resources the user can access. By
default, the user has access to nothing. Only those resources explicitly listed in the
Allowed URLs table (specified by the URL) can be accessed by an authenticated user listed
directly or as part of a group or unit in the Apply To page.
Resource Name
The resource name is the name of a protected resource that is defined in an iChain* Service
object (ISO). If this field is blank, the URL postfix must be specified as an absolute
URL (for example, http://www.novell.com/index.html, not /index.html).
URL Postfix
If a resource name is specified, the URL postfix must be given as a relative URL and may
include wildcards. The ACL rule will match requests for the combined resource name and URL
postfix, including wildcards. If a resource name is not specified, the URL postfix
must specify an absolute URL.
Wildcards
An asterisk (*) as the last character indicates that the user can have access to the
folder content and all subfolders. A question mark (?) as the last character indicates
that the user can have access to the folder contents, but not the subfolders. For example, the URL
Extension http://www.novell.com/? would grant a user access to http://www.novell.com/index.html
but not to http://www.novell.com/subdir/index.html. An asterisk used in place of the question
mark would grant access to both.
Excluded URLs
Add, modify, and delete a list of URLs that will be specifically excluded from the set
of URLs this ACL Rule will grant access to. These are defined in the same manner described in
Allowed URLs above. For example, if you have http://www.novell.com/* in the Allowed URLs list,
you can enter http://www.novell.com/secure/* in the Excluded URLs list to deny access to all
files in the /secure subfolder. Wildcards also work as described above.
Apply To List
This field allows you to specify the list of resources to which this access control rule
applies. You may specify a list of users, groups, Organizational Units, and
Organizations. An authenticated user who belongs to this list and is not in the Exception
List will be granted access to the URLs listed in the Allowed URLs list. Press the add button
(+) to add a resource to the list, the delete button (x) to delete a resource from the list,
or the dynamic ACL query button to set up a dynamic access query for this ACL rule. For more
information on setting up dynamic access queries, see Dynamic Access
Query Setup.
Exception List
This field allows you to specify a list of resources that are to be denied access to the
URLs in the Allowed URLs list. You can specify a list of users, groups, Organizational Units,
and Organizations. An authenticated user who belongs to the Exception List and is also in the
Apply To List will be denied access to the specified resource URLs. Press the add button
(+) to add a resource to the list or the delete button (x) to delete a resource from the list.
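The following added example (not iChain code, and not part of the original page) models how the fields described above combine into one decision: default deny, trailing * and ? wildcards, Excluded URLs, the Apply To List, and the Exception List. The class and function names, the sample directory names, exact matching for URLs without a wildcard, and treating exclusions as narrowing only the rule they belong to are assumptions made for illustration.

```python
from dataclasses import dataclass, field

def url_matches(pattern: str, url: str) -> bool:
    """Trailing '*': folder and all subfolders. Trailing '?': folder contents only."""
    if pattern.endswith("*"):
        return url.startswith(pattern[:-1])
    if pattern.endswith("?"):
        prefix = pattern[:-1]
        return url.startswith(prefix) and "/" not in url[len(prefix):]
    return url == pattern  # assumption: no wildcard means an exact match

@dataclass
class AclRule:
    allowed: list                                   # Allowed URLs
    excluded: list = field(default_factory=list)    # Excluded URLs
    apply_to: set = field(default_factory=set)      # Apply To List
    exceptions: set = field(default_factory=set)    # Exception List

    def grants(self, memberships: set, url: str) -> bool:
        # memberships: the user plus every group, unit and organization they belong to
        if not memberships & self.apply_to:
            return False                 # rule does not apply to this user
        if memberships & self.exceptions:
            return False                 # Exception List overrides Apply To List
        if any(url_matches(p, url) for p in self.excluded):
            return False                 # carved out of this rule's URL set
        return any(url_matches(p, url) for p in self.allowed)

def is_allowed(rules, memberships: set, url: str) -> bool:
    # Default deny: access requires at least one rule that explicitly grants it.
    return any(rule.grants(memberships, url) for rule in rules)

# Constructed sample rule and directory names (not from a real configuration).
SAMPLE_RULE = AclRule(
    allowed=["http://www.novell.com/*"],
    excluded=["http://www.novell.com/secure/*"],
    apply_to={"staff"},
    exceptions={"contractors"},
)

if __name__ == "__main__":
    for who, url in [
        ({"alice", "staff"}, "http://www.novell.com/index.html"),
        ({"alice", "staff"}, "http://www.novell.com/secure/plan.html"),
        ({"bob", "staff", "contractors"}, "http://www.novell.com/index.html"),
        ({"carol"}, "http://www.novell.com/index.html"),
    ]:
        print(sorted(who), url, is_allowed([SAMPLE_RULE], who, url))
```

When reviewing a rule set with this model, check each Excluded URL against the Allowed URLs of every other rule that applies to the same users, since under the per-rule assumption an exclusion in one rule does not override a grant in another.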
* Novell trademark. ** Third-party trademark. See Legal Notices.