Engine Configuration—Edit Access Control
The Edit Access Control view of the Capture Engine Configuration Wizard lets you define which users have access to a Capture Engine and which classes of actions (policies) each user is allowed to perform.
NOTE: There are several ways to create a new user in your operating system. Refer to your operating system documentation for instructions on creating new user profiles.
• Use access control: Select this check box to enable Access Control.
• The Policy column lists the predefined policies:
• System: Allow usage
• Capture: Create new capture
• Capture: Delete captures created by others
• Capture: Modify captures created by others
• Capture: Start/Stop captures created by others
• Capture: View packets from captures created by others
• Capture: View stats from captures created by others
• Configuration: Configure engine settings
• Configuration: View/modify matrix switch settings (Capture Engine (Windows) only)
• Configuration: View the audit log
• Configuration: Upload files
• The User column lists which users have access to a certain policy.
• Edit: Select a policy and then click to define which users have access to the policy. The Add Users to ACL dialog appears:
Browse Users
• Domain: Type the Domain for the Capture Engine. If the Capture Engine is not a member of any Domain, leave this field blank.
• Refresh: Click to poll the Domain controller to retrieve the list of users.
NOTE: Large Domains with hundreds of users may take several minutes to load.
• Name/Description: Displays the name and description for each defined user. Both the name and the description are taken from the operating system security settings (local or Domain).
• Add: Click to add the selected user to the Selected Users table.
Add User
NOTE: If the Capture Engine is not a member of any Domain, you can ignore Add User.
• Domain: Type the Domain for the Capture Engine.
• User: Type the name of the User you wish to add to the Selected Users table.
• Add: Click to add the selected user to the Selected Users table.
Selected Users
• Name/Description: Displays the name and description of users allowed to perform the selected policy.
• Delete: Click to remove the selected user from the Selected Users table.
• Delete all: Click to remove all users from the Selected Users table.
TIP: A Policy that has no users associated with it is effectively reserved for users with Administrator or root level privileges.
Considerations when configuring Access Control
Please note the following when configuring Access Control:
• Users with Administrator or root level privileges always have access to all features of the Capture Engine.
• If the Capture Engine is installed on a machine under local control, the local user with Administrator or root level privileges (and equivalents) has access to the Capture Engine regardless of the settings in the Edit Access Control view.
• If the Capture Engine is installed on a machine under Domain control, the Domain Administrator always has access regardless of the settings in the Edit Access Control view.
• When Use access control is selected and no other users are added to the Edit Access Control view (the initial default settings), then only the user with Administrator (local or Domain, depending on the computer setup) or root level privileges has access to the Capture Engine.
Considerations when disabling Access Control
When access control is disabled, the only restrictions on the use of the Capture Engine are those imposed by the operating system security settings. Examples of relevant permissions controlled by operating system security settings include:
• Login privilege: A user must be able to log in to the machine on which the Capture Engine is running in order to use the program.