Dell Powerconnect W-ClearPass Virtual Appliances W-ClearPass Policy Manager 6. - Page 153
Identity: Users, Endpoints, Roles and Role Mapping, Architecture and Flow
View all Dell Powerconnect W-ClearPass Virtual Appliances manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 153 highlights
Chapter 14 Identity: Users, Endpoints, Roles and Role Mapping A Role Mapping Policy reduces client (user or device) identity or attributes associated with the request to Role(s) for Enforcement Policy evaluation. The roles ultimately determine differentiated access. Architecture and Flow Roles range in complexity from a simple user group (e.g., Finance, Engineering, or Human Resources) to a combination of a user group with some dynamic constraints (e.g., "San Jose Night Shift Worker"- - An employee in the Engineering department who logs in through the San Jose network device between 8 PM and 5 AM on weekdays). It can also apply to a list users. A role can be: l Discovered by Policy Manager through role mapping ("Adding and Modifying Role Mapping Policies " on page 155). Roles are typically discovered by Policy Manager by retrieving attributes from the authentication source. Filter rules associated with the authentication source tell Policy Manager where to retrieve these attributes. l Assigned automatically when retrieving attributes from the authentication source. Any attribute in the authentication source can be mapped directly to a role. ("Adding and Modifying Authentication Sources " on page 127) l Associated directly with a user in the Policy Manager local user database ("Adding and Modifying Local Users " on page 159 and "Adding and Modifying Guest Users " on page 161). l Associated directly with a static host list, again through role mapping ("Adding and Modifying Static Host Lists " on page 166). Dell Networking W-ClearPass Policy Manager 6.0 | User Guide 153