Setting Access Control for NDPS Printers

Printer security is ensured through the assignment of the Manager, Operator, and User access control roles and by the strategic placement of your printers and printer configurations.

You can assign multiple Printer objects to represent a single Printer Agent. You can then make different access control assignments to each Printer object. This can be an especially useful option if you want to allow users in different containers to use the same printer, because each group of users can be given different rights to the printer.

A physical printer cannot be a controlled access printer and a public access printer at the same time. However, if you delete all the Printer objects representing a Printer Agent, that printer will become a public access printer.

The following sections discuss security options for NDPS printers in more detail.


Printer Access Control Roles

Different User, Group, or Container objects can have different access rights to the same printer. For example, if you want only certain users to be able to send jobs to a particular printer, you can specify which users should have access and what access roles each will have.

The following table describes the rights and privileges associated with each of the NDPS Printer access control roles.

Role Description

Manager

NDPS tasks performed exclusively by the Printer Manager are those that require the creation, modification, or deletion of NDPS Printer objects, as well as other eDirectory administrative functions. Printer Managers are automatically designated as printer Operators and Users as well, so they can perform all tasks assigned to the Operator role. Typical Manager functions include the following:

  • Modifying and deleting Printer objects
  • Adding or deleting Operators and Users for a printer
  • Adding other Managers
  • Configuring interested-party notification
  • Creating, modifying, or deleting printer configurations

Operator

Printer management tasks performed by the Operator include the following:

  • Performing all of the functions available through the Printer Control page
  • Pausing, restarting, or reinitializing printers
  • Reordering, moving, copying, and deleting jobs
  • Setting printer defaults, including locked properties
  • Configuring print job spooling

Operators cannot create, modify, or delete eDirectory objects or perform other eDirectory administrative functions.

User

NDPS tasks performed by Users include the following:

  • Submitting print jobs
  • Managing print jobs they own (Users cannot copy, move, reorder, or remove jobs they do not own)

To simplify administration, the container a printer resides in is automatically assigned as a User for that printer, so all users in that container and its subcontainers can use that printer without being added to the list. You can delete the container from the list if you want to limit access to certain users, groups, or roles.


Assigning Printer Access Control Roles through NDPS Printer Objects

Different User, Group, or container objects can have different access rights to the same printer. For example, if you want only certain users to be able to send jobs to a particular printer, you can specify which users should have access and what access roles each will be given.

  1. In iManage, click iPrint Management > Manage Printer.

  2. Browse to and select the printer you want to enable Access Control for.

  3. Click the Access Control tab.

  4. Add or delete Users, Groups, or Container objects to the different Access Control roles.

  5. Click OK.


Assigning Printer Access Control Roles through User Objects

In addition to configuring access control through NDPS printers, you can also configure access control through User objects.

The following procedure assumes that you are modifying the attributes for an existing User. You can also adapt this procedure if you are creating a new User object.

  1. From the NetWare Administrator browser's Object menu, select the User object you want to configure access control for, and then click NDPS Printer Access Control.

    A list of available NDPS printers is displayed with icon representations of the three NDPS Access Control roles: User, Operator, and Manager.

  2. Select the printer that you want to assign this user an access control role for.

  3. Check the roles you want this user to be assigned for this printer.

    If you check Manager, this user is automatically assigned Operator and User roles as well. Operator and User roles are assigned independently. Keep in mind that a User object must be assigned the access control role of User in order to submit print jobs to that printer.

  4. (Optional) Click the Event Notification button to configure event notification for this user.

  5. Click OK.


Planning Your Printer Connections and Locations for Better Security

Depending on your organization's needs, the network administrator can attach printers directly to NetWare® servers or to the network. Both types of setup can provide security and administrative advantages. The ideal combination for each installation is different and will change as needs change. Be sure to consider the advantages of each approach when you set up your network.

Connecting the printer to the server places the two resources in close proximity to each other. If the server is in a secure location, this means that the printer is locked up with the server. This might be an advantage. For example, your company might use that printer to print confidential documents. Having the printer in a secure location protects these documents.

Because most printers are already network-enabled, the most common type of network setup includes printers attached directly to the network. This allows the printer to be placed in a convenient location for all users, and places it away from the server for security reasons. Users who use the printer normally will not have access to the server console. Security is still maintained by requiring users to use a password to log in to the network before they can use the printer.



Previous | Next