Top menu

How to set varied access permissions for generic removable devices and encrypted volumes for the same user account

DESCRIPTION

This article provides an example on how to configure read-only access to specific file types on every USB flash drive, and full access to specific file types in an encrypted volume located on a specific USB flash drive for the same user.

TASK

Allow a user read-only access to e.g. MS Word documents on any USB flash drive + full access to MS Word files in e.g. TrueCrypt volume that is stored on a specific USB flash drive.

HOW-TO

1. Enable TrueCrypt integration in Service Options-> Encryption;
2. Configure Removable permissions as below:

System: Full Access

3. Configure USB Port permissions as below:

System: Full access

3. Add encrypted flash drive to USB Devices White List for the user with "Control as type" flag checked;

4. Create the following Content-Aware rule for the user:

Applies to - Permissions
Device Type(s) - Removable
Actions- Generic: ALLOW READ,
Encrypted: ALLOW READ, ALLOW WRITE

*Normally, the user would need at least read-only access on Generic Removable level to access file-hosted container, but since content-aware rules are configured to grant the user read-only access to some file type(s) on generic level, the encrypted volume will be accessible.

**This configuration is applicable for allowing full access to specific file types on certain Generic removable flash drives as well.