Defining the access via dynamic access
The access to the dynamic objects is assigned indirectly though other objects, a query, a device group or a folder. This means, that when dynamic access is assigned, the objects to which the administrator has access might not always be the same.
Query:
A query defines via its target type and its criteria to which objects the administrator has access. These can change either
- when modifications are made to the query itself, such as adding new criteria or modifying one, or
- when changes happen to the environment of the query, which in this case means the target type of the query. For example, a new device that is added to the network complies with the criteria of the query.
For example, administrator admin1 is given access to query French. This query finds all administrators that are located in France, for example, AdminParis, AdminLyon and AdminNantes. A new administrator, AdminNice joins the company at a new location and is added to the database. Because his location is also in France, he will be automatically added to the list of administrators admin1 has access to.
Device Group or Folder:
When providing access via a device group or a folder the administrator has access to all direct and indirect members of this group or folder. For example: the administrator admin is assigned the device group Group 1 as a dynamic object. This group has the members PC1, Group 2 and Group 3. admin now has access to PC1 (direct member) as well as all members of Groups 2 and 3, that is PC2 and PC3 (indirect members). admin will also automatically have access to all PCs that are added to either of these groups. If members are removed from one of these groups he will automatically lose access to the removed members.
For more information, see the following topics:
- Adding-the-results-of-a-query-to-the-security-profile
- Adding the members of a device group to the security
- Adding-the-members-of-a-folder-to-the-security-profile