Graded Authentication Rules

IMPORTANT:  Graded authentication is an additional level of control. It does not take the place of regular eDirectory and file system access rights. Regular eDirectory and file system access rights still need to be administered.

The following rules apply to graded authentication in NMAS:

• If the Read label of the clearance dominates or is equal to the assigned security label and the security label dominates or is equal to the Write label of the clearance, then access is Read and Write.
• If the Read label of the clearance dominates or is equal to the assigned security label but the security label does not dominate and is not equal to the write label, then access is Read-only.

  For example, if a user has a clearance with a Read label of Password and Token and a Write label of Password and Token and wants to access a NetWare^® volume that has a security label of Password and Token, then the user will have Read and Write access to that volume. However, the user will have Read-only access to each NetWare volume assigned a Password security label.

  NOTE:  Read-only access prevents passing higher classified data to lower classified areas. Access is always Read-only to security labels that are lower than the clearance's Write label.

• If the Read label of the clearance is dominated by the assigned security label, then no access is allowed.
• Using a login sequence does not grant access rights unless the user is assigned the session clearance.