Guardant Control Center lets you create rules that control access to network licenses for specific users and groups.

General information

Access restriction rules (hereinafter referred to as restriction rules) are used in cases when it is necessary to restrict/allow someone access to a feature, product or key (software or hardware) located in Guardant Control Center (GCC).

For example
There is a software key with the products Balance, Expense and Order Items in GCC.
The Accounting department needs to be denied access to the Order Items product, and the Purchasing department needs to be denied access to the Balance and Expense products.

If no restriction rules are set, access is available to all features, products and keys in GCC.

Syntax

The restriction rules have the following format:

[operation]=[username]@[hostname],public:[publicCODE],license:[licenseID],product:[productID],feature:[featureID]
Parameters (each entry gives the description, the parameter availability and, where present, a note):

operation
  Description: Operation with access.
  Possible values:
    • allow – allow access;
    • deny – deny access
  Parameter availability: Mandatory

username
  Description: Local or domain user name for whom the rule is generated.
  Latin characters must be used for the user name, otherwise GCC will automatically replace the user name with the "*" symbol – all users.
  Parameter availability: Mandatory
  Note: If the rule applies to all users, the "*" symbol must be specified instead of [username].

hostname
  Description: The computer for which the rule is generated.
  Possible values:
    • local or domain computer name;
      Latin characters must be used for the computer name, otherwise GCC will automatically replace the computer name with the "*" symbol – all computers on the network.
    • IP address of the computer;
    • IP address of the computer/netmask
  Parameter availability: Mandatory
  Note: If the rule applies to all computers on the network, the "*" symbol must be specified instead of [hostname].

publicCODE arg
  Description: The vendor public access code to which the rule applies.
  The code must be written in symbolic form.
  Parameter availability: Optional

licenseID arg
  Description: The software or hardware key identifier to which the rule applies.
  The identifier must be written in decimal number system.
  Parameter availability: Optional

productID arg
  Description: The product identifier to which the rule applies.
  The identifier must be written in decimal number system.
  Parameter availability: Optional

featureID arg
  Description: The feature identifier to which the rule applies.
  The identifier must be written in decimal number system.
  Parameter availability: Optional

If no optional parameters are specified in the restriction rules, the user is denied/allowed access to all keys in GCC.

Examples:

  1. The user "user1" from computer "pc1" must be allowed access to the "Clock" feature of the "Base Station" product for the "A755BA54" Key. 
    allow=user1@pc1,license:A755BA54,product:01,feature:01
  2. All users from all computers must be denied access to the "Clock" feature of the "Base Station" product  in all keys.
    deny=*@*,product:01,feature:01
  3. The user "user1" must be denied access to all vendor keys with the public access code "DEMONVK" from all computers. 
    deny=user1@*,public:DEMONVK
  4. All users from computer "pc2" must be allowed access to the "Clock" feature of the "Base Station" product for the "A755BA54" Key.
    allow=*@pc2,license:A755BA54,product:01,feature:01

Features

  • the restriction rules execution order does not depend on the order of their recording in GCC;
  • if two mutually exclusive rules are specified, priority is given to the access permission rule (allow);
  • by default, access to all features in GCC is allowed for all users from all computers.
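
The rule syntax and the three evaluation properties above, as an added Python sketch (not GCC code and not its implementation): it parses rules, flags names that would be replaced by "*", and decides a request with allow taking priority and allow as the default. Assumptions: "Latin characters" is approximated as ASCII, names and identifiers are compared as exact strings, and the request dictionary and all function names are illustrative.

```python
import ipaddress
from collections import namedtuple

SCOPES = ("public", "license", "product", "feature")
# widened: a non-Latin name was replaced by "*", as the page describes
Rule = namedtuple("Rule", "op user host scope widened")

def parse_rule(line):
    op, _, rest = line.strip().partition("=")
    if op not in ("allow", "deny"):
        raise ValueError(f"unknown operation: {op!r}")
    subject, *args = rest.split(",")
    u, sep, h = subject.partition("@")
    if not (sep and u and h):
        raise ValueError("username@hostname is mandatory")
    # Assumption: "Latin characters" is approximated as ASCII.
    user, host = (n if n.isascii() else "*" for n in (u, h))
    scope = {}
    for arg in args:
        key, _, value = arg.partition(":")
        if key not in SCOPES or not value:
            raise ValueError(f"bad optional parameter: {arg!r}")
        scope[key] = value  # identifiers kept as opaque strings
    return Rule(op, user, host, scope, (user, host) != (u, h))

def host_matches(pattern, name, ip):
    if pattern in ("*", name):
        return True
    try:  # IP address or IP/netmask form
        return ipaddress.ip_address(ip) in ipaddress.ip_network(pattern, strict=False)
    except ValueError:
        return False

def matches(rule, req):
    return (rule.user in ("*", req["user"])
            and host_matches(rule.host, req["host"], req["ip"])
            and all(req.get(k) == v for k, v in rule.scope.items()))

def decide(rules, req):
    ops = {r.op for r in rules if matches(r, req)}  # recording order is irrelevant
    return "allow" if "allow" in ops or not ops else "deny"  # allow wins; default allow

# Rules are examples 2 and 1 from the page; the request dict is constructed.
RULES = [parse_rule(r) for r in ("deny=*@*,product:01,feature:01",
         "allow=user1@pc1,license:A755BA54,product:01,feature:01")]
REQ = {"user": "user1", "host": "pc1", "ip": "10.0.0.5",
       "license": "A755BA54", "product": "01", "feature": "01"}

if __name__ == "__main__":
    print(decide(RULES, REQ), decide(RULES, dict(REQ, user="user2", host="pc3")))
```

Checking the `widened` flag before loading a rule set catches an allow rule that silently became `*@host`, which matters here because an allow rule overrides any conflicting deny.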

Operating modes

There are four modes to work with restriction rules: 

  • Graphic;
  • Text;
  • Restrictions file;
  • REST API

Graphic mode is used when it is necessary to create restriction rules quickly.

Text mode is used:

  • when it is necessary to change restriction rules quickly.
  • for advanced users.

Restrictions file is used when it is necessary to apply restriction rules on several network computers.

REST API is used when it is necessary to build into the application the ability to restrict access to a feature, product or key without using GCC.

When graphic mode, text mode, or the REST API is used, all changes made to the restriction rules are applied automatically, without the need to restart GCC.

But if the restrictions file is used, GCC must be restarted for the changes to be applied.

Work with the restriction rules

To work with the restriction rules in graphic or text mode, it is necessary to go to the GCC Accesses section:

  1. In GCC header, click on the icon .
  2. Enter the password to access GCC settings. By default, the password is admin.
  3. In the Settings list, select Accesses.

Create rule

  1. In the User Access to Network Licenses field, click the +Add button.
  2. In the opened window, enter the user name and computer name according to the rules syntax, and select the remaining data from the corresponding drop-down lists.
  3. Select the operation that needs to be controlled by this rule: Allow access or Deny access. Deny access is selected by default. 
  4. Click Add.

Edit rule

  1. Select the necessary rule to edit.
  2. In the User Access to Network Licenses window change the required rule parameter.
  3. Click the Edit button. 

Delete rule

  1. Click on the Trash icon next to the desired rule.
  2. Confirm the rule deletion by clicking Yes, delete in the opened window.

