Differences between Security Center 5.x and 5.7 partitions - Security Center 5.7 GA

Security Center Installation and Upgrade Guide 5.7 GA

Series: Security Center 5.7 GA
Revised/modified: 2017-10-25

Security Center 5.3 introduced many changes that affect how partitions are used and configured.

The following table summarizes the changes to partitions that apply to Security Center version 5.3 and later.
Terminology
  Security Center 5.2 and earlier:
    • Accepted users
    • Partition manager
  Security Center 5.3 and later:
    • Authorized users
    • Partition administrator (up to 5.6). Beginning in 5.7 GA, privileges that used to be exclusive to administrators can now be granted individually, making the concept of partition administrator obsolete.

Security configuration
  Security Center 5.2 and earlier:
    • Security task: Allows you to configure users, user groups, and partitions in three separate tabs.
  Security Center 5.3 and later:
    • User management task: Allows you to configure users, user groups, and partitions within a single entity hierarchy.

Partition configuration
  Security Center 5.2 and earlier:
    • Can only be created in the Partitions tab of the Security task in Config Tool.
    • Partitions are always shown in the Partitions tab of the Security task in Config Tool.
    • The content of a partition can only be modified in the partition’s Properties tab.
  Security Center 5.3 and later:
    • Can be created from any administration task where an entity hierarchy is shown.
    • Users can choose to show or hide partitions in any administration task by clicking Show partitions in the Search box. Partitions are completely hidden if no user-created partitions exist.
    • The content of partitions can be modified directly in any entity tree by dragging and dropping the entities into the partitions you want them to be a member of.

Partition access rights configuration
  Security Center 5.2 and earlier:
    • Users’ access rights for partitions are configured in the Accepted users tab of each partition entity.
    • Access rights are implicitly inherited from parent user groups. User group members have access to the partition even though they are not shown in the Accepted users tab.
    • Access rights granted for a parent partition are also granted for the child partitions.
  Security Center 5.3 and later:
    • Users’ access rights for partitions are configured in the Access rights tab of each individual user and user group entity.
    • Access rights are explicitly inherited from parent user groups and are clearly indicated in the user’s Access rights tab.
    • Access rights granted for a parent partition are granted by default for the child partitions, but can be denied on a case-by-case basis.

Partition membership configuration
  Security Center 5.2 and earlier:
    • An entity cannot belong to more than three partitions.
    • There are no rules governing the partition memberships of related entities. Each entity’s membership to a partition must be configured individually. For example, adding a cardholder group to a partition does not automatically add the group members to that partition.
  Security Center 5.3 and later:
    • There is no limit to the number of partitions an entity can belong to.
    • The system automatically applies a set of rules concerning the partition memberships of related entities, based on the most common practices. For example, adding a cardholder group to a partition automatically adds the group members to that partition. The administrator can always change the automatically applied memberships on a case-by-case basis.

Public partition
  Security Center 5.2 and earlier:
    • All users can see the entities in the Public partition in entity lists, even non-accepted users.
    • Only accepted users with administrative privileges can view the properties of the entities in the Public partition.
    • The Public partition cannot be renamed or deleted.
  Security Center 5.3 and later:
    • The Public partition no longer exists.
    • When partitions are not required, the root partition (named after your main server) contains everything you create and is accessible to all users by default.
    • When you upgrade a system with multiple partitions to 5.7, the Public partition is migrated, but the features of the Public partition in 5.7 are different.
      • Users who were not accepted users of the Public partition in 5.0, 5.1, or 5.2 will have no access to the Public partition in 5.7.
      • You can rename, modify and delete the Public partition in 5.7.

System partition
  Security Center 5.2 and earlier:
    • The System partition is a hidden partition with the unique characteristic that only administrators can access its content.
    • Entities that do not belong to a user-created partition implicitly belong to the System partition.
    • The System partition is used to hold all entities that must be accessible to all users at all times. For example, the Always schedule, the Health Monitor role, and the Media Router role, all belong to the System partition.
    • The System partition is exclusively managed by the system. Not even administrators can change it.
  Security Center 5.3 and later:
    • Entities that do not belong to a user-created partition automatically belong to the root partition.
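
The access rights rows above describe two resolution models: implicit inheritance in 5.2 and earlier, and inheritance with per-child denial in 5.3 and later. The following is an added example, not Genetec code or a Security Center API, that models both so the effective access of each user can be compared when reviewing access rights around an upgrade. The partition tree, the principals, the helper names, and the rule that the nearest explicit denial wins are all assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Constructed sample data: partition names and tree are illustrative assumptions.
PARTITION_PARENT = {"HQ": None, "HQ/Lab": "HQ", "HQ/Lobby": "HQ"}

@dataclass(eq=False)
class Principal:
    """A user or user group in this model (not a Security Center API)."""
    name: str
    is_user: bool = False
    parents: list = field(default_factory=list)  # parent user groups
    granted: set = field(default_factory=set)    # partitions granted directly
    denied: set = field(default_factory=set)     # 5.3+ per-child denials

def lineage(principal):
    """Return the principal plus every ancestor user group."""
    chain, stack = [], [principal]
    while stack:
        p = stack.pop()
        if p not in chain:
            chain.append(p)
            stack.extend(p.parents)
    return chain

def has_access(principal, partition, allow_deny=True):
    """allow_deny=False models 5.2 and earlier; True models 5.3 and later."""
    chain = lineage(principal)
    node = partition
    while node is not None:  # walk from the partition up to the root
        if allow_deny and any(node in p.denied for p in chain):
            return False  # assumption: the nearest explicit denial wins
        if any(node in p.granted for p in chain):
            return True   # granted here or on an ancestor partition
        node = PARTITION_PARENT[node]
    return False

def hidden_users(principals, partition):
    """Users who reach the partition only through a user group or a parent
    partition, with no direct grant of their own (5.2-style resolution)."""
    return sorted(p.name for p in principals
                  if p.is_user and partition not in p.granted
                  and has_access(p, partition, allow_deny=False))

operators = Principal("Operators", granted={"HQ"})
night = Principal("NightShift", parents=[operators], denied={"HQ/Lab"})
alice = Principal("alice", is_user=True, parents=[night])
bob = Principal("bob", is_user=True, parents=[operators])
carol = Principal("carol", is_user=True, granted={"HQ/Lab"})
EVERYONE = [operators, night, alice, bob, carol]
```

In this constructed data, `hidden_users(EVERYONE, "HQ")` returns the users whose access comes only from group membership, and `has_access(alice, "HQ/Lab")` shows a 5.3-style denial on one child partition while the sibling partition stays reachable.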