The security model of ARES is based on comparisons between two numbers: an avatar's user rank and the security level of an action that the avatar is attempting to perform. Unless otherwise specified, a non-avatar object inherits the rank of its owner.
Security rules
Individual security permissions in ARES are referred to as security rules. An individual's user rank must meet or exceed the security level of a corresponding rule to perform any action (with some exceptions; see next section).
The level of a rule can be adjusted through the access controls... > rules... menu, or directly, with security <rule> <level>
Ranks
There are six possible ranks an avatar can hold:
- Banned (rank 0)
- The avatar was rejected or blacklisted in response to a consent prompt presented to the unit, or manually added to the ban list. Any attempt to perform any action that requires security authorization will automatically fail.
- Stranger (rank 1)
- The avatar has never interacted with the system before. It will be automatically granted access for any action that requires security level 1, and generate a consent prompt for any action that requires security level 2. Higher security levels will result in failure.
- Guest (rank 2)
- The avatar was allowed or trusted in response to a consent prompt for the unit, or manually added to the guest list. Any attempt to perform any action that requires security level 1 or 2 will automatically succeed.
- Normal user (rank 3)
- The avatar has been added as a user, but not promoted further. It may perform any action requiring security level 3 or lower.
- Manager (rank 4)
- The avatar has been added as a user, and promoted once. It may perform any action requiring security level 4 or lower.
- Owner (rank 5)
- The avatar has been added as a user, and promoted twice. It may perform any action other than those that are set to security level 0 or 6.
Security levels
The user rank required to perform an action is the security level (a number from 0 to 6) currently assigned to its rule.
- For levels 3–5, these are the same as the corresponding user rank.
- Level 2 allows guests (rank 2) to perform an action, but also generates consent prompts in response to attempts by strangers (rank 1).
- Level 1 allows everyone but those who are banned (rank 0) to perform an action.
Levels 0 and 6 are special:
- Level 0 forbids anyone from taking the action, ever.
- Level 6 permits the ARES unit itself to perform an action. If a rule is set to Level 6, the unit may always take that action, even if the unit is banned from itself.
Imposing self-lockout
To fully lock a unit out of controlling its fate, control freaks (see ARES Tutorial: Configuring ARES for control freaks) will want to adjust the security rules so that no rules are set to Level 2 or Level 6, and then ban the unit (access controls... > bans > add new). This prevents the unit from having any say in how it is used.