Variants of product activation and their impact on permission profile
|
ID: 17121301
Languages: EN, DE
Components: EgoSecure Server, EgoSecure Agents
Operating system: Windows
|
Products (Licenses) can be activated either for users or for computers. When products are activated for the computer, the settings of the computer take effect, regardless of the rights for a user registered there. Activating products for computers is only useful for certain products or for computers where restrictions apply to all users without distinction.
Not all products can be activated on the computer and on the user. The following table describes where products of EgoSecure Data Protection can be activated.
|
Activated only for computers
|
Activated only for users
|
Activated on users and on computers
|
|
BitLocker Management
Green IT
EgoSecure Antivirus
Inventory
Data Loss Prevention - Data at Rest
|
Cloud Storage Encryption
Local Folder Encryption
Network Share Encryption
Password Manager
Permanent Encryption
Secure Erase
Data Loss Prevention - Data in Use
|
Access Control
Secure Audit
Shadow Copy
Application Control
Removable Device Encryption
Insight Analysis
IntellAct Automation
|
EgoSecure verifies and prioritizes the permissions in the following order:
Priority 1: Computer rights
Products are activated on the used computer
Priority 2: User rights
Products are activated on the user
In the EgoSecure Data Protection Console define, which permissions are assigned to computers and users (known + unknown) and which permissions are applied to computers and users working in online or offline mode. It depends on the product activation how these permissions are applied.
When a user logs on to a computer, the currently valid permission profile is displayed in the User rights tab of the local EgoSecure Agent
In addition, the profile displays whether the user's computer is in online or offline mode. Offline mode means that the computer where the EgoSecure Agent is running has no connection to the EgoSecure Server.
Activating products for a computer or for a computer and a user
To apply the permissions to a computer and to all users who log on to this computer, activate the product for the computer. Regardless of the products and rights, assigned to this user, the settings are applied to the computer.
⇒ Permission profile displayed on the Agent: Computer rights
In the following example the product Removable Device Encryption is activated for the computer:
Every user registered on this computer can use the product with the settings set for the computer.
Activating products for a user
Once a product is activated for a user, this product can be used on every computer with installed EgoSecure Agent . Once the product is activated only for the user and not activated for the used computer, the settings assigned to the user take effect. This can be the default rights for users, group rights or individual device permissions.
a) A user can be assigned to a computer, for which he has special access rights. For this purpose, special access rights are applied to the assigned object. These computer-dependent access rights apply to the user if the Access Control product is activated for the user and not activated for the assigned computer.
In the example below, User_007 has no access to CD/DVD on all computers (1), but has full access to CD/DVD when he logs on to the computer from the screen (2).
⇒ Permission profile displayed on the Agent: User + computer rights
b) If a user is not assigned to a computer, he has the same access rights on all available computers. If the Access Control product is activated for the user and not activated for the computer, the user-defined access rights are applied.
⇒ Permission profile displayed on the Agent: User rights
Failed activation
If the product activation failed for both a user and a computer, EgoSecure Data Protection will not run on the client.
The only exclusion is the Access Control module: users who are not in the directory service structure or new users of the directory who haven't been yet synchronized are managed as unknown users. For unknown users, no licenses are applied, but they get rights and restrictions defined for unknown users. These settings are configured in the Unknown users default profile.
⇒ Permission profile displayed on the Agent: Unknown user rights
If the user of the directory service structure is known, the not activated profile is assigned. The user has no access restriction on devices.
⇒ Permission profile displayed on the Agent: User rights (User not activated)
