You can allow and prohibit the use of USB devices on your device. Specific rules for individual devices or device classes are possible.

Enable USB Access Control

  1. Open the Setup and go to Devices > USB Access Control.
  2. Enable the option Enable.

  3. Select the Default Rule. The default rule specifies whether the use of USB devices is generally allowed or prohibited.

    Tip

    It is generally recommended to set Default rule to Deny and to configure Allow rules only for the required USB devices and USB device classes. 

  4. Create one or more rules for classes of devices or individual devices.

Create a Class Rule

  1. To create a new rule, click in the Class Rules area.
  2. Choose a rule. The rule specifies whether use of the device class defined here is allowed or prohibited.
  3. Under Class ID, select the class of device for which the rule should apply. Examples: Audio, Printer, Mass Storage.
  4. Under Name, give a name for the rule.
  5. Click OK.
  6. Save the changes.
    The rule is active.

Create a Device Rule

When a rule is defined, at least one of the properties Vendor ID or Product ID or UUID must be given.
  1. To create a new rule, click in the Device Rules area.
  2. Choose a rule. The rule specifies whether use of the device defined here is allowed or prohibited.
  3. Give the Vendor ID of the device as a hexadecimal value.
  4. Give the Product ID of the device as a hexadecimal value.
  5. Give the Device UUID (Universal Unique Identifier) of the device.
  6. Specify Permissions for the device.
    Possible values:
    • Global setting: The default setting for hotplug storage devices is used; see Default permission parameter under Devices > Storage Devices > Storage Hotplug.
    • Read only
    • Read/Write
  7. Under Name, give a name for the rule.
  8. Click OK.
  9. Save the changes.
    The rule is active.

Example

  • The set rule prohibits the use of USB devices on the device.
  • A class rule allows the use of all entry devices (HID = Human Interface Devices).
  • A device rule allows the use of the USB storage device with the UUID 67FC-FDC6.
  • The use of all other USB devices, for example, storage devices or printers, is prohibited.