eDirectory provides a basic level of network access security through default rights. You can provide additional access control by completing the tasks outlined below.
Each time a user attempts to access a network resource, the system calculates the user's effective rights to that resource. To ensure that users have the appropriate effective rights to resources, you can make explicit trustee assignments, grant security equivalences, and filter inherited rights.
To simplify the assignment of rights, you can create Group and Organizational Role objects, then assign users to the groups and roles.
Login security is not provided by default. You can set up several optional login security measures, including login passwords, login location and time restrictions, limits on concurrent login sessions, intruder detection, and login disabling.
You can set up administrators for specific object properties and grant them rights to only those properties. This allows you to create administrators with specific responsibilities that can be inheritable to subordinates of any given container object. A role-based administrator can have responsibilities over any specific properties, such as those that relate to employee information or passwords. See "Administration Basics" in ConsoleOne User Guide. You can also define roles in terms of the specific tasks that administrators can perform in role-based administration applications. See "Configuring Role-Based Administration" in ConsoleOne User Guide.