Permissions


 

The names of the users and user groups assigned to a device type are shown in the list of accounts on the top left-hand side of the Permissions dialog box.

 

To add a new user or user group to the list of accounts, click on the Add button. You can add several accounts simultaneously.

 

To delete a record from the list of accounts, use the Delete button. Using Ctrl and/or Shift you can highlight and remove several records simultaneously.

 

Use the Set Default button to set default permissions for devices. 

 

Using special time control, you can define a time when the selected user or user group will or will not have access to devices. Time control appears at the top-right side of the Permissions dialog box. Use the left mouse button and select the allowed time. To select a denied time, use the right mouse button. Also, you can use the keyboard to set times - arrow keys for navigation and the spacebar to toggle allowed/denied time.

 

To define which actions on devices are to be allowed for a user or user group, set the appropriate rights. All rights are divided into three groups: Generic, Encrypted and Special Permissions. Each group has its own set of rights:

 

- Generic - Generic rights do not apply to devices that are recognized by DeviceLock Service as encrypted devices.

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

- Encrypted - encrypted rights only apply to devices that are recognized by DeviceLock Service as encrypted devices.

 

 

 

 

- Special Permissions - these rights only apply to iPhone, Windows Mobile, Palm and Clipboard device types. The content types (Calendar, Contacts, Tasks, etc.) that are controlled by these rights for iPhone, Windows Mobile, and Palm devices represent the same content types that exist in iTunes, HotSync, Microsoft ActiveSync and WMDC applications. For Palm devices, you can enable any Write right only if the corresponding Read right is also enabled.

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

To avoid interrupting the synchronization process, users should set iTunes to sync only the content to which they are allowed access.

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

If users do not have the Screenshot right, they cannot capture screen shots using the PrintScrn key or screen capture tools and utilities.

 

 

NOTE: The Copy Text, Copy Image, Copy Audio, Copy File, and Copy Unidentified Content rights do not control data copying to the clipboard. Users can always copy data to the clipboard regardless of the rights they have. 

 

NOTE: If the access (read and/or write) to some content type is denied during the iPhone or Windows Mobile synchronization process, you have to replug the device in order to continue using the iPhone or Windows Mobile device. 

 

When users attempt to synchronize a Palm handheld device over a network and DeviceLock denies access to some content type, the synchronization session is interrupted. To avoid this situation, users should set the HotSync application to sync only the content to which they are allowed access before attempting synchronization.

 

If all Allow rights are enabled for the user account it means that this account has "full access" rights. If all Deny rights are enabled for the user account it means that this account has "no access" rights. If neither Allow nor Deny rights are enabled for the user account it means that this account inherits access rights from its user group (if there is no group to inherit rights from, then this account has "no access" rights).

 

NOTE: The "no access" right has a priority over all other rights. It means that if the group to which some user belongs has the "no access" right but this user has "full access", the user still can't access a device. If you want to deny access for some user or group, you can just remove it from the account's list, it is not necessary to add it with "no access".

 

Also, the Everyone user has a priority over all other accounts. It means that if Everyone has the "no access" right, no one can access a device.

 

Even if you deny access to hard disks, users with local administrative privileges (the SYSTEM user and members of the local Administrators group) still can access the partition where Windows is installed and running.

 

We recommend that you add only those accounts (users and/or groups) to the list which should be able to access a device.

 

If the account's list is empty (contains no records at all) then no one can access a device.

 

Also, it is recommended to add the SYSTEM user with "full access" to hard disks and optical drives.