SureSync contains a detailed security mechanism which allows you to control what users have access to what SureSync jobs. This functionality is very useful when you're implementing a shared database stored on a network drive that multiple people access. This database security functionality allows you to safely provide synchronization services to multiple users from a single centralized database.
A common scenario for database security would be when a network is using SureSync with a SQL database. The administrator of the system can give each user that requires access to synchronization a group folder with specific permissions allowing them to run just their jobs. This centralizes SureSync and makes management easier. An information technology manager could also use database security to delegate the task of monitoring SureSync. A particular employee could be given permission to view job status for all jobs in the environment and be denied permissions to make changes to the jobs or execute them resulting in optimal security.
Available Security Settings
By default, security is inherited from the root group folder. It is recommended that you apply security to a group folder and allow all the SureSync objects underneath that folder inherit permissions. This makes security easier to update and manage. Assigning security in this manner might mean that you create a number of different group folders so you can have security inherit to different Relations, Schedules, and Monitors based on different criteria. For example, by department the Relation applies to or by job type.
Permission
Description
Full Control
Grants the selected user full control to the Relation, Schedule, or Real-Time monitor. Full Control includes all of the other rights in this table. In addition, users with Full Control can modify security on the job.
Modify
Grants the selected user the ability to modify the Relation, Schedule, or Real-Time Monitor.
Read and Execute
Grants the selected user the ability to run the Relation, Schedule, or Real-Time Monitor along with the Read rights described below.
Read
Grants the selected user the ability to read a Relation, Schedule, or Real-Time Monitor. This lets a user see the configuration but does not allow them to make any changes.
Stop Job
Grants the selected user the ability to stop the selected Relation, Schedule, or Real-Time Monitor.
View Job Status
Grants the selected user the ability to view job status using SyncStatus.
A Relation, Schedule, or Real-Time Monitor can only exist under one and only one Group Folder. If you drag and drop an object from one group folder to another, a move operation will be performed.
Default Security
When a Relation, Schedule, or Real-Time Monitor is created there is a set of default security applied to that newly created object. If the SureSync machine is a member of a domain then the default security on an object will be the Domain Administrators group, the local machine's Administrators group and the user who created the object. If the SureSync machine is a standalone machine then the default security on an object will be the local machines Administrators group and the user who created the object. You are always free to modify the granted permissions to better suit your required level of security.
The User ID which you configured the SureSync Scheduler to run under when installing the Scheduler according to the directions in the Installing the Scheduler topic must have permissions defined at the Group Folder or Job level allowing access to the jobs which you're planning to run on a Scheduled or Real-Time basis. If this account does not have permission to launch the Relation, Schedule, or Real-Time Monitor in question then you will get errors and the job will not run.
Inheritance
By default objects in SureSync inherit security from their parent Group Folder. For example if you create a Group Folder named Technical Support and you assign the Domain Administrators Group full control and a group named Technical Support the 'View Job Status' right then any Relation, Schedule, and/or Real-Time Monitor which is created under that Technical Support Group Folder will have those same rights assigned to it. You can tell a particular object not to inherit permissions by going to the Security tab of the object in question and removing the checkbox for 'Inherit Security from Parent'.
A Relation, Schedule, or Real-Time Monitor can only exist under one and only one Group Folder. If you drag and drop an object from one group folder to another, a move operation will be performed.
By default, security is inherited from the root group folder. It is recommended that you apply security to a group folder and allow all the SureSync objects underneath that folder inherit permissions. This makes security easier to update and manage. Assigning security in this manner might mean that you create a number of different group folders so you can have security inherit to different Relations, Schedules, and Monitors based on different criteria. For example, by department the Relation applies to or by job type.