Access control entries define the security configuration for a given tree node – account, printer, input port, server, or service. Each entry consists of the security role and a user or group to which this role is granted when accessing this particular tree node. For example, if an access control entry with user admin and role Administrators exists, it means that user admin has full administrative permissions on that tree node.
Access controls are inherited by default so that all sub-elements of the tree acquire the same configuration. Inherited access controls are shown with the grayed color, and it’s not possible to delete or edit them. It is possible to override inherited access controls in the child nodes or add more entries for users from sub-accounts.
The following screenshot shows how the access control list is displayed on the Customer 1 node for the user from acme vendor:
Which access controls are displayed depends on the user viewing the current node. Given the following hierarchy:
The top-level administrator of the acme vendor will see all of them for all nodes. The users who logged in as Reseller East won’t see access controls inherited from acme and won’t be able to change or override them. The users from Customer 1 account will only see and manage their own access controls:
Changing default inheritance of access controls for child nodes
We can restore the default inherited access controls on customer account child nodes by clicking Reset Child Nodes.
To see this button in Access Control, you must have the PropagateAccessControl permission.
Reset Child Nodes
“Reset Child Nodes” action will remove overridden access controls from child nodes.
- Following up on the example above, in the New port 1 node, click Reset Child Nodes and confirm the action. You will then see that the access controls coming from Customer 1 node are now inherited, as per default: