Thanks Tom! Now my problem is that after playing with those fancy actions... some people cannot anymore upload and/or start Shared Presentations... unless I grant everything to everybody: not that fair. Should I just copy from a clean server install the VenueServer.(cfg|dat) files?
Could it be possible to tweak or reset, somehow, the config using the AGTk tools and infrastructure? \\Rosario Thomas D. Uram wrote: > > Hello Rosario: > > A complete security policy would, as you say, employ an encrypted > Venue and some changes to the roles/actions for a Venue. We have, > unfortunately, not clarified the changes that must be made to the > actions list to prevent entry or access to critical data. > > Rather than do that, though, I'd recommend this: > > - Add the users you want to allow into the Venue to the AllowedEntry > role. This will allow these users into the Venue, and allow them to > perform the actions that are, by default, allowed to venue users. > > - Unauthorize all actions for the Everybody role. For a secure Venue, > you don't need to allow random people to perform any actions whatsoever. > > If you want to make the Venue publicly accessible again later, you can > again authorize the set of actions for the Everybody role. > > If you have more questions, please don't hesitate to ask. > > Tom Uram > > > On 2/15/06 7:12 AM, Rosario Lombardo wrote: >> Hello everybody, >> in order to enforce a security policy for a Virtual Venue Server are >> required encrypted Venues and a some control over Actions and Roles >> (maybe something else?). >> >> - Specifically, which set of actions (dis/)allow uploading and >> deleting files, starting/deleting SharedApp sessions, and similar >> simple tasks? >> >> - More generally speaking, which set of actions are involved in a >> less simpler security policy dealing with various authorization >> classes (Roles)? >> >> I had a look at the docs, API, and also to AGEP-0105.txt draft, but I >> can't find any single description of the dozens of actions, >> differently grouped in Server Security and Venue Security tabs. >> >> Thanks, >> \\Rosario >> >> -- >> >> Rosario Lombardo >> Information Science and Technology Institute (ISTI) - Cnr, Italy >> [email protected] <mailto:[email protected]> >> *-* http://hpc.isti.cnr.it/~lombardo >> <http://hpc.isti.cnr.it/%7Elombardo> >> phone: +39 050-315-3076 >
