Because there are many settings in the global level definition, there is a need to segregate some of senhasegura settings to facilitate security policy management and possible exceptions on devices that do not support certain configurations.
For example, some RDP devices do not support the TLS security level, and must be isolated in a separate configuration if the global level is not configured in Automatic mode.
Another example is Linux devices that by strategic decision, or technical limitations, do not support automated privilege elevation with SUDO.
To isolate these Devices and Credentials in segregated configurations, we must first understand senhasegura segregation hierarchy.
Segregation levels
Through the Settings ➔System parameters ➔ Segregated parameters menu, you have access to all registered segregation for proxy sessions.
Segregations respect the hierarchy and order of rewriting. Acting as a chain of settings layers, the next layer will always have the rewriting power under the previous layer:
- Global Parameters
- Access Group Segregations
- Device Segregations
- Credential Segregations
- Origin Segregations
Thus, a parameter defined in the Global layer can be overwritten by Access Group segregation, which in turn can be overwritten by Device segregation, and so on.
CAUTION
Devices and credentials cannot be included in more than one segregated parameter.