Configure Default Rights
Rights Concepts
In Default policies, define default rights and settings for known and unknown directory service users, as well as for directory service computers, in online and offline mode. For details, see: Configuring default policies. Offline mode means that the computer where EgoSecure Agent is running has no connection to EgoSecure Server.
The default policies are automatically transmitted to users and computers. You can disable the inheritance for certain users and computers and assign individual rights. Depending on the product activation, the predefined rights for computers or predefined rights for users are applied. For details, see: Activating products.
EgoSecure verifies and prioritizes the permissions in the following order:
- Computer rights (online/offline): Take effect if Access Control is activated for a computer. In this case, it doesn’t matter if Access Control is additionally activated for a user.
- User rights (online/offline): Take effect if Access Control is activated only for a user. In this case, the user can be assigned to a computer to have special permissions there.
You can also define group-specific rights. The users and computers of a group get the rights of the group and no longer inherit the default policies. However, individual user/computer rights have priority over group rights.
The rights applied to a user depend on:
- Product activation (activated for a computer or a user)
- User registration in the EgoSecure database (known/unknown user)
- Connection between EgoSecure Agent and EgoSecure Server (offline/online)
- Group membership
Once a user signs in to a computer, the current permission profile is displayed on the User rights tab of the local EgoSecure Agent. The profile also indicates whether the user/computer is in online or offline mode.
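The precedence described above can be modelled as a small resolver that reports which rights layer applies to a sign-in. This is an added example, not EgoSecure code: the `Principal` fields, the label strings, treating Access Control activation as "products enabled", and ranking computer-specific user assignments ahead of individual rights are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class Principal:
    """A user or computer; field names are hypothetical, not a product schema."""
    name: str
    in_directory: bool = True        # present in the directory service tree
    access_control: bool = False     # Access Control activated for this object
    group: Optional[str] = None      # group with group-specific rights, if any
    individual: bool = False         # inheritance disabled, individual rights set

def _layer(p: Principal, kind: str) -> str:
    # Individual rights have priority over group rights; group members
    # get the group's rights and no longer inherit the default policies.
    if p.individual:
        return f"{kind}:individual:{p.name}"
    if p.group:
        return f"{kind}:group:{p.group}"
    return f"{kind}:default"

def effective_policy(user, computer, online, assigned=frozenset()):
    """Return '<rights source>/<profile>' for a user signing in to a computer."""
    profile = "online" if online else "offline"
    if computer.access_control:
        # Computer rights apply even if the user is activated as well.
        source = _layer(computer, "computer")
    elif user.in_directory and user.access_control:
        # Assumption: a user-to-computer assignment is the most specific layer.
        if (user.name, computer.name) in assigned:
            source = f"user:assigned:{user.name}@{computer.name}"
        else:
            source = _layer(user, "user")
    else:
        # Not in the tree, or no product enabled: unknown-user defaults.
        source = "user:unknown-default"
    return f"{source}/{profile}"

if __name__ == "__main__":
    # Constructed sample objects for demonstration only.
    pc = Principal("pc1", access_control=True)
    alice = Principal("alice", access_control=True, individual=True)
    print(effective_policy(alice, pc, online=False))
```

Running the resolver over an export of users and computers is a quick way to spot sign-ins that fall through to the unknown-user defaults or to an offline profile that was never tightened.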
Configure Default Policies
In Default policies, define default rights and default settings for the known and unknown users of the directory service, as well as for computers. When a user or a computer is added to the directory service tree of the console, it automatically inherits default rights and settings. If a user is in the directory service tree and products are enabled for the user, he is considered a known user. If a user is not in the directory service tree, or if no products are enabled for the user, he is considered an unknown user. For each of the three default profiles, a distinction is also made between online and offline profiles for the Access Control product. Offline profile means that the client on which EgoSecure Agent was started has no connection to the EgoSecure Server.
To activate Secure Audit and encryption products for a user, a computer or groups, you must first activate audit and encryption. To activate Secure Audit, go to Product settings | Audit | Audit. To activate encryption, go to Product settings | Encryption | Encryption options.
Customize default rights for known users
- Go to User management | Directory service structure | Default policies.
- In the User management work area, select Default rights (user).
- Configure the rights of the default users for certain product areas. Depending on the available products, different tabs are available.
- In the toolbar of the product area, click Save.
- The settings are applied to default users in online mode.
- In the Profile drop down, select Offline.
- Change the settings for offline default users.
- Click Save in the toolbar.
The rights are assigned to default users in online and offline mode and automatically inherited by all known users.
Customize default rights for unknown users
- Go to User management | Directory service structure | Default policies | Unknown users.
- In the lower part of the work area, configure the rights of unknown users for certain device classes. For details, see Defining access rights.
- Click Save.
- In the Profile combo box, select Offline.
- Define the offline settings and click Save again.
The customizable default rights are automatically assigned to every unknown user who logs on to the server. Additionally, if global filters have been created under Product settings | Filters | Content filter definition, they are applied to unknown users.
Customize default settings for users
- Navigate to User management | Settings | Default policies.
- Select Default rights (user).
- In the lower part of the work area, click the User settings tab.
- To prohibit the downloading of files via Internet Explorer, enable the check box in the Internet work area.
- To prohibit the usage of the clipboard, set the checkbox in the Clipboard area.
- To disable file transfer via Skype, check the box in the Communication section.
- To scan archives or MS Office by filters, check the corresponding checkbox in the Content filter section. The checkboxes are only available if the options under Product Settings | Filters | Settings are enabled.
- Click Save.
Adjust computer default rights
If some products are also activated for computers or only for computers, restrictions defined for computers always have priority. For details, see Activating products.
- Navigate to Computer management | Directory service structure | Default policies.
- Select Default rights (computer).
- In the lower part of the work area, configure the rights of default computers for certain products.
- Click Save.
- In the Profile combo box, select Offline.
- Define the settings for the offline profile and click Save again.
The rights are assigned to default computers in online and offline mode and automatically inherited by all known computers of the directory service structure.
Configure default settings for computers
The default settings for computers are only displayed in the Settings tab of the Computer management menu. Define the settings in the Administration menu under Clients | Client settings. For details, see: Adjusting client settings. These client settings are inherited by every computer and can be customized for individual computers. For details, see: Defining settings for computer.
Customize settings for users
By default, users inherit the rights and settings from the default user. You can disable the inheritance and assign individual rights and settings to each user. User rights take effect only if the product is activated for the user and not for the computer. For details, see Activating products.
Customize settings for users
- Go to User management | Settings.
- Check whether inheritance is enabled for the Internet, Clipboard and Communication settings, and from where the user inherits the settings.
- The settings in the Content filter area are available only when options under Product settings | Filters | Settings are enabled.
- Click on the Activate individual settings check box to deactivate inheritance and change the settings.
- Click Save.
The selected user now has permissions that differ from the default user.
Customize user rights for Secure Audit, Filters, Encryption and Application Control products
- Select a user in User management.
- In the lower part of the work area, click the tab where you want to make changes.
- Enable the Activate individual settings option.
- If the option is greyed out and cannot be edited, the product is not activated. For details, see Activating products.
- Edit the settings and click Save.
Define access rights
For the access rights configuration to work, activate the Access Control product for the selected object (user/computer/group).
Permit/restrict access to certain devices
- Go to User management/Computer management | Control.
- Click on the Devices and ports tab.
- In the Profile drop-down menu, select whether the permissions will be applied to online or offline computers. Offline profile means that connection cannot be established with the EgoSecure Server.
- Right-click a device.
- Select an access right. See also Configuring a scheduled access, Configuring a temporary access.
- Click Save.
New permissions are transferred and applied on the Agent.
Configure a scheduled access
- Right-click a device and select Scheduled access.
- The Access rights – time schema dialog appears.
- Select a time period by hovering over the area.
- Click on an access right.
- Click OK to confirm.
- In the Devices and ports tab, click Save on the toolbar.
Configure temporary access
- Right-click a device and select Temporary right access.
- The Temporary right access dialog appears.
- Select an access type and specify a time period.
- Click OK to confirm.
- In the Devices and ports tab, click Save on the toolbar.
Configure unblocking code for offline clients
- Right-click a device and select Generate unblocking code.
- The Unblocking code generation dialog appears.
- Select an access type and access duration and click Generate.
- The generated code appears in the Code field.
- Copy the code and send it to the client (e.g. by mail).
- Via the EgoSecure Agent, the client can enter the code and get the access rights.
Assign special permissions to a user on certain computers
- Right-click a user in User management.
- Select Assign computers from the context menu.
- The Selection of computers dialog appears.
- Select a computer from the directory service structure and click on .
- The computer appears in the Selected computers field.
- Click OK to confirm.
- In User management, the computer appears under the user.
- Click on the computer and edit the user-specific permissions for the computer in the lower area.
- Click Save.
Customize permissions for computer
The settings that you define for a computer under Computer management | Settings are connected with the client settings of the Administration menu. For details, see Adjusting client settings. If you want to customize the individual settings of a computer, you can only deactivate but not activate the options defined in the client settings.
Define settings for computer
- Select a computer under Computer management | Settings.
- Enable the Activate individual settings box.
- Disable the necessary settings and click Save.
Define rights for Secure Audit, Filters, Encryption and Application Control products
- Select a computer in the Computer management menu.
- In the lower part of the work area, click on the tab where you want to change the settings.
- Enable the Activate individual settings check box.
- If the option is greyed out and cannot be edited, the product is not activated. For details, see Activating products.
- Edit the settings and click Save.