How do I restrict map-point access for user(s)?

Version 1

    Verified Product Versions

    AppSense DataNow 3.6AppSense DataNow 3.5AppSense DataNow 3.0AppSense DataNow 2.0AppSense DataNow 4.0AppSense DataNow 4.1

    Introduction

    DataNow honours existing NTFS/Share permissions, but further granular control can be applied via map point policies.

    Detail

    Access to Map Points can be restricted using Map Point Access Policies.  The policy for each Map Point is configured in the Admin Console by navigating to 'Policy' -> 'Map Point Access'.  Expand a Map Point and click 'Edit' to configure its policies.

    In the left hand pane, define which users you wish to configure individual map point policies for. You can define different policies for: 

    • All Users (Default)
    • Organizational Units (OU)
    • User Groups
    • Individual Users

    For each OU, user group or individual user, you can set the following policies in the right hand Pane: 

    • Force read-only – Users that connect to this Map Point cannot modify or upload DataNow files on their devices.
    • Only allow VERIFIED devices to connect – Devices which connect via this Map Point must have been approved by an administrator.

    It is also possible to configure which type of devices the users are allowed to connect with via the 'Platform Access' section: 

    Specify which platforms can connect to this Map Point and log in to DataNow: Windows/Apple Mac/iOS/Android/Web Client.  Platform restrictions can also be set on a global basis.  Global restrictions take precedence over those set at Map Point level - if you disable a platform at the global level, it is disabled for all users regardless of the setting on their Map Point. 

    Rule ordering:

    The more specific the rule, the higher the priority. For example, a security group will take precedence over an OU rule, and a per user rule will take precendece over either of these.

    With regards to rule precendence at the same level (for example, overlapping security groups) each time a group is added to a map point policy, an entry is created in the database which assigns a numeric ID to the group. These IDs both define how the groups are displayed in the admin console and how they are processed (i.e. oldest added group first). During rule checking, the first group that returns a successful map against a user has its defined policies applied, unless it is overridden by a specific per-user policy.