5.1.12. Access Control

Access control entries define the security configuration for a given tree node – account, printer, input port, server or service. Each entry consists of the security role and a user or group to which this role is granted when accessing this particular tree node. For example if an access control entry with user admin and role Administrators exists, it means that user admin has full administrative permissions on that tree node.

Default settings

Access controls are inherited by default so that all sub-elements of the tree acquire the same configuration. Inherited access controls are shown with the grayed color and it’s not possible to delete or edit them. It is possible to override inherited access controls in the child nodes or add more entries for users from sub-accounts.

The following screenshot shows how the access control list is displayed on the Customer 1 node for the user from acme vendor:

Which access controls are displayed depends on the user who is viewing the current node. Given the following hierarchy:

The top-level administrator of the acme vendor will see all of them for all nodes. The users which logged in as Reseller East won’t see access controls inherited from acme and won’t be able to change or override them. The users from Customer 1 account will only see and manage their own access controls:

Changing default inheritance of access controls for child nodes

!Important: please exercise caution when changing the default inheritance for the access controls and make sure you understand the effects of this action beforehand!

We can restore the default inherited access controls on customer account child nodes by using the “Reset Child Nodes” button.

Please note that this button will be available in the Access Control view only if the impacting permission PropagateAccessControl is selected for the role of the logged in user (by default it is not selected):

Reset Child Nodes

“Reset Child Nodes” action will remove overridden access controls from child nodes.

• Following up on the example above, on the customer node press the “Reset Child Nodes” button and confirm the action; we will then see that the access controls coming from customer node are now inherited, as per default: