Global permissions consist of one or more logical expressions that define permission to run Actions. In Advanced Scripts, you can define permissions for each individual Action in a Script separately. This applies to NetMan Startup and Shutdown Scripts as well. Streamlined Scripts, on the other hand, have just one permission applied "globally," i.e., for the entire Script. This chapter explains how to create and edit global permissions. It also lists the conditions and rights you can use in NetMan Desktop Manager to define global permissions.
You can also define permissions for individual Actions in context; that is to say, while you are editing the Actions in a given Script. These are not stored as global permissions, however, and thus do not affect other Actions. Create global permissions to define the rule sets that you use frequently, so you do not have to create them again each time.
Global permissions are created in the NetMan Center.
1. Open the Resources page: Click on the Resources button in the sidebar.
2.Open the Permissions view: Click on Global permissions in the sidebar to open the Permissions view for global permissions.
3. New: Click on the New button in the Ribbon.
4. Enter a permission ID: Enter an ID for the permissions definition in the Permissions field.
If you tick the box next to Open the new object in the editor, the new global permission will be automatically opened in the Editor for Global Permissions.
5. OK: Click the OK button. The new global permission is created. If you had selected the Open the new object in the editor option, the global permission is automatically opened now in the editor. Alternatively, you can open the permission for editing in the NetMan Center.
Use the buttons above the list of permissions to edit the permissions:
New condition. Adds a condition. The Action will not be executed unless the statement defined by this condition is true.
New permission. Creates a new permission based on user or station name, or group or profile membership.
Add global permission. Adds an existing global permission to the definition. This way, you can define cascading global permissions.
Global permissions that are integrated within other global permissions cannot be deleted. Before a global permission can be deleted, all references to it in other global permissions must be deleted. Click on Used by in the Ribbon to open the NetMan Object Inspector, which shows all references to the object.
Up. Moves an entry up.
Down. Moves an entry down.
Delete. Deletes the selected item.
Delete all. Deletes all conditions and permissions from the list.
All of the conditions and rights available in NetMan Desktop Manager are listed in the following. You can combine these as desired to define global permissions. For each logical expression, you define whether it must be true (is) or not (is not) for permission to be granted. The expressions are linked by logical operators (and/or). Simply click the corresponding field to change an entry.
In NetMan Desktop Manager you can make the execution of Actions (and Scripts) dependent on specified conditions. This NetMan function is unique among network operating systems. You can configure the following conditions:
Drive. Checks whether a specified drive exists; returns true if the drive is found and false if it is not.
Path. Checks whether a specified path exists; returns true if the path is found and false if it is not.
File. Checks whether a specified file exists; returns true if the file is found.
INI entry. Checks a given variable in a Windows INI file; returns true if the variable contains the value specified. INI files are for the most part used by 16-bit Windows programs.
Registry entry. Checks a given entry in the Windows registry; returns true if the entry contains the value specified.
Variable. Returns true if the return value from a given Action contains the value specified.
Object properties. Reads a property of a object, for example the MAC address of a NetMan Station (station-macaddress=FFFFFFFFFFFF). If the property exists and corresponds to the specified value, true is returned.
IP address. You can specify an IP address or an address range (with wildcards). To specify a range of addresses, enter the first and last addresses in the range, separated by a hyphen, with no spaces. Both IPv4 and IPv6 addresses are supported. If the station has the address specified, or an address within the specified range, true is returned.
Host name. Checks whether the client host name matches the name specified (wildcards permitted). If the station has a name that matches the specified name or pattern, true is returned.
RD client version. Checks the version of the RDP or ICA client on the client station. You can specify an explicit version number or a range of versions. Build ID or product ID can be used for identification. If the version number is a match, true is returned.
Operating system. Checks the version of the operating system. If desired, you can specify a general property, such as "session" or "32-bit". If the operating system version matches the specified criteria, true is returned.
Permissions support all groups available in the most commonly used network operating systems. You can refer to the existing structures in your network, without using any additional NetMan Desktop Manager definitions. Since all of your user and workstation names are automatically copied into the NetMan database, you have the option of linking access privileges for Actions and Scripts not only to users' network login names, but also to workstation names, various Active Directory objects, and NetMan user and station groups and profiles. By giving you the option of linking permissions to station names, NetMan Desktop Manager provides a powerful tool not found in most network operating systems, which generally analyze permissions solely on the basis of user accounts. You can reference the following groups:
•Users
•User groups
•User profiles
•Stations
•Station groups
•Station profiles
•NetWare groups
•LDAP definitions
•AD users
•AD user groups
•User OUs
•AD station groups
•Station OUs
•Variables
The Variable permission reads the NetMan Environment and checks whether a defined NetMan variable exists in a specified object.
Please note that some of the permissions or conditions listed above cannot be checked when the client accesses NetMan Desktop Manager over the Web Interface. Specifically, the following rights and conditions are not evaluated in this case:
•Variable (permission)
•Variable (condition)
•INI entry
•Registry entry
•Operating system
•File
•Path
•Drive
These conditions reference properties of the local workstation which cannot be detected over the Web Interface. That is why these properties are not taken into account when using the Web Interface. When Boolean expressions are analyzed for these conditions, the return value is true.
The permissions available in Novell NetWare are displayed in the NetMan Center only if a NetWare client is installed on the station in question.
Once you have specified all of the details needed for the global permission, click the OK button to save your changes.