Access Control Settings
Access Control Settings, which are part of the Role-Based Access Control (RBAC) system, are available for every access profile in the Permissions, Restrictions, Access Hours, and Authentication tabs of the access profile editor window. Find details about each of them below:
The options available in the Permissions tab allow admins to determine which users or groups can access specific resources through an access profile.
Inherit label access permissions
This option is selected by default and makes the current access profile available to all the users or groups who can access the Label related to an access profile. For more details, see Label.
Allow anonymous access
This option is selected by default and makes the access profile available without any type of authentication, that is, anyone accessing Thinfinity Workspace will be able to access the profile.
Group or user names
This area shows the users and/groups who can connect to the current access profile.
The Add button opens the Find Users or Groups dialog, allowing the selection of users and/or groups from the currently enabled Directory Services.
Note that the Add button is only available when Allow anonymous access option is deselected. (*)
The Remove button allows deleting a user or group from the list of users and/or groups allowed to access the profile.
Permission Groups
Offers access to the permissions groups editor. See the paragraphs below for details.
Reservation buffer
Allows the admin to set the buffer size in which concurrent reservations are allowed. Used in conjunction with the Reservation limit parameter.
Reservation limit
Allows setting the number of concurrent reservations for the resource (the number of simultaneous users).
(*) Thinfinity Workspace supports a user changing the password at their next logon within the web interface. Make sure to uncheck the Use standard browser authentication checkbox in the Authentication tab to enable this option.
If a user or user group needs access to multiple resources, you must create additional access profiles and assign the user or group to each one. Once authenticated, the user can select from the available access profiles to establish a connection. Clicking the Permission Groups button will display the following dialog window:
The following options are available:
Drop-down field
Lists the permissions groups (roles) defined in the system.
[+] button
Adds a new permissions group (role) to the list.
R button
Allows renaming the selected permissions group or role.
[-] button
Removes the selected permissions group or role.
Here is a description of each type of permission:
Access
Enables immediate access to the profile.
Requires approval
Indicates that the user request requires an approval.
Approve access
Can authorize / approve reservation request.
Self reserve
Can create reservations for oneself.
Others can reserve
Can be added by others for the use of a resource.
Reserve for others
Can create reservations for others.
Allow Recurrency
Can create recurring reservations.
The options available in the Restrictions tab allow the admin to define a whitelist and a blacklist of IP addresses allowed to connect the access profile.
In the Profile Editor of your access profile select the Restrictions tab.
No restrictions
No restriction as to which IP Addresses will be able to connect to the access profile.
Allow only from these IPs
Allow connections from the listed IP Addresses.
Block connections from these IPs
Block connections from the listed IP Addresses.
Add
Click to add an IP Address to the list.
Remove
Select an IP from the list then click this button to remove it.
In the Access Hours tab of a access profile Editor, you can define the specific days and times during which the resource will be available to users, allowing you to set a time range for its usage.
In the Profile Editor of your access profile select the Restrictions tab.
Access Allowed
Define the days and the hours when the resource (desktop, app, folder, terminal) will be available.
Access Denied
Define the days and the hours when the resource (desktop, app, folder, terminal) will be disabled.
Allow Access only within this period
Define a specific time interval during which the resource (desktop, app, folder, terminal) will be available.
Note that this tab will only become available if Allow Anonymous Access option from the Permissions tab is disabled.
The Authentication Methods tab allows you to customize the authentication methods for the selected access profile.
No restrictions
No restriction on the authentication method used.
Only users authenticated with these methods
Only the users authenticated with the selected methods will be able to see and connect to the resource (desktop, app, folder, terminal).
Last updated
Was this helpful?