Presentation is loading. Please wait.

Presentation is loading. Please wait.

Basics to Know and Best Practices to Do

Published byMervin Reynolds Modified over 5 years ago

Similar presentations

Presentation on theme: "Basics to Know and Best Practices to Do"— Presentation transcript:

1 Basics to Know and Best Practices to Do
Security 101 – Basics to Know and Best Practices to Do

2 Security 101 – Basics to Know and Best Practices to Do
By Amy O’Neel InfoSol, Inc.

3 How To Apply Security © InfoSol 2018

4 Basic - How To Apply STEP 1: Select User Security ON object
© InfoSol 2018

5 Basic - How To Apply STEP 2: Select or Add Group and Assign Security
© InfoSol 2018

6 Basic - How To Apply STEP 3: Assign by Access Level …. Or….
© InfoSol 2018

7 Basic - How To Apply STEP 3b: … Assign by individual granular rights
© InfoSol 2018

8 Definitions © InfoSol 2018

9 Basic #1 - Definitions No Access / Access / Denied © InfoSol 2018

10 Basic #2 - Definitions Explicit vs Inherited © InfoSol 2018

11 Basic #3 - Definitions By Group or by Individual © InfoSol 2018

12 Basic #4 - Definitions General Right or Object Specific Right
© InfoSol 2018

13 Basic Rules (1-4) Summarized
No Access / Access / Denied Explicit vs Inherited By Group or by Individual General Right or Object Specific Right © InfoSol 2018

14 Basic #5 – Inheritance On Object Only or On Sub-Objects Too
Turn off Inheritance © InfoSol 2018

15 Basic #6 – Inheritance Model
Groups – Hierarchy Viewer, Developer, Admin Folders - Flat Viewer X Viewer Developer, Admin © InfoSol 2018

16 The Matrix © InfoSol 2018

17 Matrix Security BOTH Group Inheritance and Folder Inheritance
Explicit Rights Setting Override © InfoSol 2018

18 Matrix Security – Check Membership
Member Of Does not show hierarchy of groups © InfoSol 2018

19 Matrix Security – Everyone Group
Everyone is a member of the Everyone Group Example of On Object Only setting that gets around inheritance issue © InfoSol 2018

20 Matrix Security – Consider the Rules
No Access / Access / Denied Explicit vs Inherited By Group or by Individual General Right or Object Specific Right © InfoSol 2018

21 Matrix Security - Suggestions
UGH!!!! Use Hierarchy Groups and Flat Folders Separate Application Security from Content Security Use Custom Access Levels Document Security © InfoSol 2018

22 SAP/LDAP/AD Groups as Subgroups
SAP / LDAP / Active Directory Good Practice: Drop these automatic groups into a BO group Apply Security with the BO groups © InfoSol 2018

23 Matrix Security – Access Levels
Create Meaningful Access Levels Refresh wo Schedule View Only Top Level Full Control wo Folder Addition Webi Power User Modify Once with Upgrades Start from Existing Access Levels when Applicable © InfoSol 2018

24 BTW on Access Levels…. Type – Specific Rights
Denied Edit General + Granted Edit Crystal Reports = Granted Edit Crystal but not Webi Great for add objects to a folder but not create subfolders Advanced vs Access Levels Advanced right will override Access Level EXCEPT it cannot override a type-specific right setting in an Access Level Only in play when group/folder level inheritance is the same © InfoSol 2018

25 Matrix Security – Security Auditing
Security Query to find out to which objects a user or group has access Access Right Specific Query Builder CMS Universe/Reports …. Better but cumbersome © InfoSol 2018

26 Matrix Security – Security Auditing
Security Query © InfoSol 2018

27 Matrix Security – Security Auditing
More Robust Tools Needed Consider 360Eyes for Security Auditing © InfoSol 2018

28 Matrix Security – Security Auditing
More Robust Tools Needed Consider 360Eyes for Security Auditing © InfoSol 2018

29 Matrix Security – 360View Security Application on Matrix Made Easy
© InfoSol 2018

30 Delegation © InfoSol 2018

31 Delegated Administrators
Ownership rights added in 4.x “….. On objects they own” Special case use for Delegated Admins and User Specific Shared Folders © InfoSol 2018

32 Action for delegated administrator
Rights required by the delegated administrator Create new users Add right on the top-level Users folder Creat new groups Add right on the top-level User Groups folder Delete any controlled groups, as well as individual users in those groups Delete right on relevant groups Delete only users that the delegated administrator creates Owner Delete right on the top-level Users folder Delete only users and groups that the delegated administrator creates Owner Delete right on the top-level User Groups folder Manipulate only users that the delegated creates (including adding those users to those groups) Owner Edit and Owner Securely Modify Rights right on the top-level Users folder Manipulate only groups that the delegated administrator creates (including adding users to those groups) Owner Edit and Owner Securely Modify Rights on the top-level User Groups folder Modify passwords for users in their controlled groups Edit Password right on relevant groups Modify passwords only for principals the delegated administrator Owner Edit Password right on top-level Users folder, or on relevant Groups Note Setting the Owner Edit Password right on a group takes effect on a user only when you add the user to the relevant group. Modify user names, description, other attributes, and reassign users to different groups Edit right on relevant groups users to different groups, but only for users that the delegated administrator creates Owner Edit right on top-level Users folder, or on relevant Groups Setting the Owner Edit right on relevant groups takes effect on a user only when you add the user to the relevant group. © InfoSol 2018

33 Helpdesk “Administrators”
© InfoSol 2018

34 Helpdesk “Administrators”
Not many user-specific rights with CMC © InfoSol 2018

35 CMC Tab Customization © InfoSol 2018

36 CMC Tab Customization © InfoSol 2018

37 “Security” by Button Removal (aka Customizations)
© InfoSol 2018

38 Customizations vs Security
© InfoSol 2018

39 Speaking of Customizations…
Customizations are not Security When using Customizations for display, also apply security Often Customizations are in multiple places Rigorous Testing Recommended © InfoSol 2018

40 Customizations vs Security
© InfoSol 2018

41 Customizations vs Security
No Inheritance w/ Customization Better to Use Security © InfoSol 2018

42 Everyone Group Cannot Set their Preferences and/or Customization
On Everyone Group – Only CMC Tab Configuration © InfoSol 2018

43 Senior Technical Consultant
…And Lots More Questions? Thank you Amy O’Neel Senior Technical Consultant InfoSol © InfoSol 2018

44 Thank You!

Download ppt "Basics to Know and Best Practices to Do"

Similar presentations

Managing User, Computer and Group Accounts

Managing User, Computer and Group Accounts
When you combine NTFS permissions and share permissions the most restrictive effective permission applies. For example, if you share a folder and assign.

When you combine NTFS permissions and share permissions the most restrictive effective permission applies. For example, if you share a folder and assign.
1 Chapter Overview Understanding and Applying NTFS Permissions Assigning NTFS Permissions and Special Permissions Solving Permissions Problems.

1 Chapter Overview Understanding and Applying NTFS Permissions Assigning NTFS Permissions and Special Permissions Solving Permissions Problems.
1 Chapter Overview Understanding NTFS Permissions Assigning NTFS Permissions Assigning Special Permissions.

1 Chapter Overview Understanding NTFS Permissions Assigning NTFS Permissions Assigning Special Permissions.
SharePoint 2010 Permissions Keith Tuomi. profile KEITH TUOMI SharePoint Consultant / Developer at itgroove Developing Online Systems since 1991 10 years.

SharePoint 2010 Permissions Keith Tuomi. profile KEITH TUOMI SharePoint Consultant / Developer at itgroove Developing Online Systems since years.
Chapter 9 Chapter 9: Managing Groups, Folders, Files, and Object Security.

Chapter 9 Chapter 9: Managing Groups, Folders, Files, and Object Security.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 5: Managing File Access.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 5: Managing File Access.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 5: Managing File Access.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 5: Managing File Access.
Hands-On Microsoft Windows Server 2003 Administration Chapter 5 Administering File Resources.

Hands-On Microsoft Windows Server 2003 Administration Chapter 5 Administering File Resources.
Administering Active Directory

Administering Active Directory
Chapter 6: Configuring Security. Group Policy and LGPO Setting Options Software Installation not available with LGPOs Remote Installation Services Scripts.

Chapter 6: Configuring Security. Group Policy and LGPO Setting Options Software Installation not available with LGPOs Remote Installation Services Scripts.
Hands-On Microsoft Windows Server 2003 Administration Chapter 3 Administering Active Directory.

Hands-On Microsoft Windows Server 2003 Administration Chapter 3 Administering Active Directory.
11 SHARING FILE SYSTEM RESOURCES Chapter 9. Chapter 9: SHARING FILE SYSTEM RESOURCES2 CHAPTER OVERVIEW  Create and manage file system shares and work.

11 SHARING FILE SYSTEM RESOURCES Chapter 9. Chapter 9: SHARING FILE SYSTEM RESOURCES2 CHAPTER OVERVIEW  Create and manage file system shares and work.
Fall 2011 Nassau Community College ITE153 – Operating Systems Session 24 NTFS Permissions and Sharing Printers 1.

Fall 2011 Nassau Community College ITE153 – Operating Systems Session 24 NTFS Permissions and Sharing Printers 1.
By Rashid Khan Lesson 8-Crowd Control: Controlling Access to Resources Using Groups.

By Rashid Khan Lesson 8-Crowd Control: Controlling Access to Resources Using Groups.
1 Securing Network Resources Understanding NTFS Permissions Assigning NTFS Permissions Assigning Special Permissions Copying and Moving Files and Folders.

1 Securing Network Resources Understanding NTFS Permissions Assigning NTFS Permissions Assigning Special Permissions Copying and Moving Files and Folders.
11 SHARING FILE SYSTEM RESOURCES Chapter 9. Chapter 9: SHARING FILE SYSTEM RESOURCES2 CHAPTER OVERVIEW Create and manage file system shares and work with.

11 SHARING FILE SYSTEM RESOURCES Chapter 9. Chapter 9: SHARING FILE SYSTEM RESOURCES2 CHAPTER OVERVIEW Create and manage file system shares and work with.
Chapter 5 File and Printer Services

Chapter 5 File and Printer Services
9.1 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure.

9.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure.
Corso referenti S.I.R.A. – Modulo 2 07 – Group Policy 20/11 – 27/11 – 05/12 11/12 – 13/12 (gruppo 1) 12/12 – 15/12 (gruppo 2) Cristiano Gentili, Massimiliano.

Corso referenti S.I.R.A. – Modulo 2 07 – Group Policy 20/11 – 27/11 – 05/12 11/12 – 13/12 (gruppo 1) 12/12 – 15/12 (gruppo 2) Cristiano Gentili, Massimiliano.

Similar presentations

Ads by Google