Assured: The Isode Blog

The M-Vault Directory Server provides two types of access control.

1. Security Label (Rule) based access control, introduced in R14.2. This is particularly useful for controlling read access to data that many users need. See the Isode whitepaper "Using Security Labels for Directory Access Control and Replication Control"
2. Identity based access control that specifies access control based on the identity of the user connecting to the directory. This includes role based access control.   Access control can be specified for a single entry, or as a "template" (prescriptive ACI) to be applied across a directory sub-tree (administrative area).   M-Vault implements the X.500 "basic" and "simplified" access control functionality, which give sophisticated access control capabilities.

Effective management of sophisticated access control presents a hard UI design problem.

R14.3 and earlier provide GUI management of access control in EDM. This is an effective tool, but does require either training or careful study of the manual in order to use it. We believe that this cost discourages some customers from making appropriate use of access control. For example, some

messaging deployments have message configuration data managed by "DSA Manager" rather than by an appropriate messaging role.

R14.4 introduces a new UI for access control management as a part of Sodium. We did not wish to "dumb down" the functionality available, so have looked for ways to present information in a manner that is both clear and complete. We have worked to provide a UI which is reasonably intuitive, and which will enable straightforward changes and extensions to access control to be configured without the need for training or extensive study of the manual.

We've provided a few screen shots of a pre-release version of the UI, to give the sense of what this new UI will look like: