To correctly configure resource protection, you should meet three conditions:
|1.||Define the protected resource.|
|3.||Give the user access rights to this resource.|
There are two methods to define user rights:
|•||Explicitly, i.e. add the user to the list of privileged users for this resource.|
|•||Via a group, i.e. add the user to the privileged group of users.|
While checking the user, IISKeeper first checks the list of privileged users. If the user is not found, it searches for the user via the privileged group. Thus, the first method has higher priority.
Both methods have advantages and drawbacks. Assigning privileges inexplicitly via a group is more convenient. But it is impossible to specify user limitations regarding traffic and access time for the resource in this case. However, there are cases when it is enough just to define the access right for a resource.