Complete the following steps for the device level check.
Procedure
- Determine if the Principal has System Administrator permissions at the system level. If yes, consider that Principal authorized.
This check is an optimization from executing the rest of the checks.
- Identify the target concrete device from the access context.
- If the device is a Virtual Design device, skip to step 10 of this procedure.
- Check if the device is explicitly associated to the Principal. If not, skip to step 7 of this procedure.
The Global Device Security policy is now active. Obtain device permissions for the Principal.
- Obtain device permissions for the Principal.
- Check if the required permissions are a subset of the permissions assigned to the Principal in question, on the device. If yes, consider the supplied Principal as authorized and return. If not, continue on to the next step.
- Check if the device is explicitly associated to any other Principal. If not, skip to step 10 of this procedure.
- Obtain permissions on this device for the Others Principal.
- Check if the required permissions are a subset of the permissions assigned to the Others Principal on the device. If yes, consider the supplied Principal as authorized, and return. If not, consider the supplied Principal as not authorized, and return.
- If the device is a design device (copy of operational or just virtual), obtain the containing workspace. It the device is an operational device, skip to step 14 of this procedure.
- Check if the workspace is explicitly associated to the Principal. If not, skip to step 15 of this procedure.
- Obtain overridden permissions for the Principal on the target workspace, if configured. If there are no overridden permissions, skip to step 14 of this procedure.
- Check if the required privileges are a subset of the permissions assigned to the Principal, against the target workspace. If yes, consider the supplied Principal as authorized and return. If not, consider the supplied Principal as not authorized, and return.
- Identify the containing network from the workspace if the device is a design device, or the primary network of the device.
- Check if the network is explicitly associated to the Principal. If not, skip to step 18 of this procedure.
- Obtain overridden permissions for the Principal on the network if configured. If no overridden permissions exist, skip to step 18 of this procedure.
- Check if the required privileges are a subset of the permissions assigned to the Principal, against the target workspace. If yes, consider the supplied Principal as authorized and return. If not, consider the supplied Principal as not authorized, and return.
- Obtain default permissions for the Principal on the target workspace if design device. If not design device, skip to Step 20 of this procedure
- Check if the required privileges are a subset of the permissions assigned to the Principal, against the target workspace. If yes, consider the supplied Principal as authorized and return. If not, continue on to the next step.
- Obtain default permissions for the Principal on the network identified earlier.
- Check if the required privileges are a subset of the permissions assigned to the Principal, against the target workspace. If yes, consider the supplied Principal as authorized and return. If not, continue on to the next step.
- Check the system.Checking the NCM system