Guardant Control Center allows you to create rules that control access to network licenses for specific users and groups.
General information
Access restriction rules (hereinafter referred to as restriction rules) are used in cases when it is necessary to restrict/allow someone access to a feature, product or key (software or hardware) located in Guardant Control Center (GCC).
For example
There is a software key with the products Balance, Expense and Order Items in GCC.
The Accounting department needs to be denied access to the Order Items product, and the Purchasing department needs to be denied access to the Balance and Expense products.
If no restriction rules are set, access to all features, products and keys in GCC is available.
Syntax
The restriction rules have the following format:
[operation]=[username]@[hostname],public:[publicCODE],license:[licenseID],product:[productID],feature:[featureID]
Parameter | Description | Parameter availability | Note |
---|---|---|---|
operation | Operation with access. Possible values: | Mandatory | |
username | Local or domain user name for whom the rule is generated. Latin characters must be used for the user name, otherwise GCC will automatically replace the user name with the "*" symbol – all users. | Mandatory | If the rule applies to all users, the "*" symbol must be specified instead of [username]. |
hostname | The computer for which the rule is generated. Possible values: | Mandatory | If the rule applies to all computers on the network, the "*" symbol must be specified instead of [hostname]. |
publicCODE arg | The vendor public access code to which the rule applies. The code must be written in symbolic form. | Optional | |
licenseID arg | The software or hardware key identifier to which the rule applies. The identifier must be written in decimal number system. | Optional | |
productID arg | The product identifier to which the rule applies. The identifier must be written in decimal number system. | Optional | |
featureID arg | The feature identifier to which the rule applies. The identifier must be written in decimal number system. | Optional | |
If no optional parameters are specified in the restriction rules, the user is denied/allowed access to all keys in GCC.
Examples:
- The user "user1" from computer "pc1" must be allowed access to the "Clock" feature of the "Base Station" product for the "A755BA54" Key.
allow=user1@pc1,license:A755BA54,product:01,feature:01
- All users from all computers must be denied access to the "Clock" feature of the "Base Station" product in all keys.
deny=*@*,product:01,feature:01
- The user "user1" must be denied access to all vendor keys with the public access code "DEMONVK" from all computers.
deny=user1@*,public:DEMONVK
- All users from computer "pc2" must be allowed access to the "Clock" feature of the "Base Station" product for the "A755BA54" Key.
allow=*@pc2,license:A755BA54,product:01,feature:01
Features
- the restriction rules execution order does not depend on the order of their recording in GCC;
- if 2 alternative rules excluding each other are specified, priority is given to the access permission rule - allow;
- by default, access to all features in GCC is allowed for all users from all computers.
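The syntax and the precedence notes above can be checked against a small model. The Python below is an added example, not GCC code or part of the original page: it parses rule lines, applies the page's replacement of a non-Latin user name with "*" (approximated here as non-ASCII), and decides a request with allow taking priority over deny and access allowed by default. The function names and the matching semantics (exact comparison, an omitted selector matching every value, any matching allow overriding any matching deny) are assumptions.

```python
# Added example: a model of the rule format and the precedence notes on this
# page. It is not GCC code; the matching semantics below are assumptions.
import re

RULE_RE = re.compile(r"^(allow|deny)=([^@,]+)@([^@,]+)((?:,[a-z]+:[^,]+)*)$")
SELECTORS = ("public", "license", "product", "feature")


def parse_rule(line):
    """Parse one rule line into (operation, user, host, selectors)."""
    m = RULE_RE.match(line.strip())
    if not m:
        raise ValueError(f"malformed rule: {line!r}")
    op, user, host, tail = m.groups()
    if not user.isascii():
        user = "*"  # per the page: a non-Latin user name becomes "*"
    selectors = {}
    for part in filter(None, tail.split(",")):
        key, value = part.split(":", 1)
        if key not in SELECTORS or key in selectors:
            raise ValueError(f"bad selector {part!r} in {line!r}")
        selectors[key] = value
    return op, user, host, selectors


def matches(rule, request):
    """Assumed semantics: '*' matches anything, and a selector left out
    of the rule matches every value; comparison is exact."""
    _, user, host, selectors = rule
    return (user in ("*", request["user"])
            and host in ("*", request["host"])
            and all(request.get(k) == v for k, v in selectors.items()))


def decide(rule_lines, request):
    """Order-independent decision: allow beats deny, default is allow."""
    ops = {r[0] for r in map(parse_rule, rule_lines) if matches(r, request)}
    if "allow" in ops:
        return "allow"
    return "deny" if ops else "allow"


# Constructed rule set: product 01 is closed to everyone except user1 on pc1.
RULES = ["deny=*@*,product:01", "allow=user1@pc1,product:01,feature:01"]
```

Running a planned rule set through such a model before loading it shows two effects that are easy to miss: a broad allow rule overrides every overlapping deny, and a rule written for a non-Latin user name ends up applying to all users.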
Operating modes
There are four modes to work with restriction rules:
- Graphic;
- Text;
- Restrictions file;
- REST API.
Graphic mode is used when it is necessary to create restriction rules quickly.
Text mode is used:
- when it is necessary to change restriction rules quickly.
- for advanced users.
Restrictions file is used when it is necessary to apply restriction rules on several network computers.
REST API is used when it is necessary to build into the application the ability to restrict access to a feature, product or key without using GCC.
Changes made to the restriction rules in graphic mode, in text mode or through the REST API are applied automatically, without restarting GCC.
But if the restrictions file is used, GCC must be restarted for the changes to be applied.
Work with the restriction rules
To work with the restriction rules in graphic or text mode, it is necessary to go to the GCC Accesses section:
- In GCC header, click on the icon .
- Enter the password to access GCC settings. By default, the password is admin.
- In the Settings list, select Accesses.
Create rule
- In the User Access to Network Licenses field, click the +Add button.
- In the opened window, enter the user name and computer name according to the rules syntax, and select the remaining data from the corresponding drop-down lists.
- Select the operation that needs to be controlled by this rule: Allow access or Deny access. Deny access is selected by default.
- Click Add.
Edit rule
- Select the necessary rule to edit.
- In the User Access to Network Licenses window change the required rule parameter.
- Click the Edit button.
Delete rule
- Click on the Trash icon next to the desired rule.
- Confirm the rule deletion by clicking Yes, delete in the opened window.