Figure 4. Adding a resource property to the Global Resource Property
List
Creating a New Central Access Rule
A central access rule is similar to an access control list (ACL). With such a rule,
you can set conditions for user access to data—for example, you can set
up a rule such as “If x condition is met, then
access is granted.”
In this example, we’ll require that a user’s department attribute
match the value of a folder share’s department attribute.
Open up ADAC, and click Dynamic Access Control, Central Access Rules, New,
and then Central Access Rules.
Under Name, type Department-Payroll-Match-Required. You can
name your rule anything; just make sure you can easily identify what the
rule is supposed to do. Under Target Resources, click Edit and then “Add
a condition.”
Now add two conditions: Resource Department Payroll Exists and
Resource Department Payroll Equals Value Payroll, and then click OK.
(See Figure 5.)
Under Permissions, select “Use following permissions as current
permissions” and click Edit to define permissions. For example, you can
choose to give the Payroll Department Full Control to any data this rule
is applied to. To test permissions without actually putting them into
effect, select “Use following permissions as proposed
permissions.”
