Understanding NDPS and iPrint Access Control Security Levels.

  • 7001735
  • 27-Oct-2008
  • 26-Apr-2012


Novell Distributed Print Services (NDPS)
Novell iPrint


Understanding NDPS and iPrint Access Control Security Levels.


When "Printer Security Level" on a Printer Agent is at the default of medium, users will not be able to install the Printer unless they are added to the Access Control List (ACL). There are several important notes to keep in mind to understand the behaviour of this functionality. Unless explicity clarified, the information below applies to NDPS printing and not iPrint printing.  
1. Users who share the same OU as the Printer Agent are added to the ACL by default. The OU can be removed if this is not the desired configuration.
2. While users not added to the ACL will not be able install the printer, they will, however, be able to print to the printer. At first thought, one may think, "If you can't install a printer, then how could you print to the printer?" Below are two scenerios where a user has no rights to install the printer, but does have rights to print to the printer:

Scenario A: The user was once listed as a "User" in the ACL and installed the printer. Then the user was removed from the list. In this case, the user will be able to print to that printer.

Scenario B: UserA is listed as a "User" in the ACL to a particular Printer Agent and UserB is not. UserA installs the printer to the workstation. UserB logs into that same workstation. UserB will be able to print to the printer.

3. If security is set to "High" on the printer agent, then users must be added to the Access Control list to install or print to the printer agent.
4. The "Low" security setting functions similarly to the "Medium" security level.
5. Non-secure iPrint printing does not check security. Users will be able to install and print to printers regardless of what shows in the ACL. 
6. Secure iPrint printing follows the same rules as NDPS printing and will only be functional if SSL is used
7. Regardless of any Security setting or wether or not SSL is used for I-Print, all printers will be visible for any user

Additional Information

Formerly known as TID# 10089134