Role based delegation

Content: 

Overview of Role-Based Delegation 

Cayosoft Administrator has a granular set of roles that grant day-to-day administrators, help desk staff, or self-service users the ability to perform tasks that their jobs require. The Web Administrator’s Roles controls what Queries and Actions are visible to a user when they sign-in to the Cayosoft Administrator Web Portal. Other roles control what users can see and do in the Automation and Configuration console.

1. To create a delegation rule, in Administrator Console navigate to Home > Configuration > Roles. 
2. Select the role that you need to create: 
   1. Global Administrators - trustees have access to all Cayosoft configuration options and administrative features for all platforms. Global Administrators are the administrators who can assign other admin roles or see the Configuration node in the Administrator Console. You can have more than one Global Administrator in your organization. The person who installs the product automatically becomes a Global Administrator.

   2. Administrators - trustees have access to all Web Queries and Actions in Cayosoft Web Portal and can create and configure all automation rules in Administrator Console. You can have more than one Administrator in your organization.

   3. Platform Administrators - trustees have access to Web Queries and Actions in Cayosoft Web Portal and can create and configure automation rules in Administrator Console only for the specified platforms that are defined in a delegation rue. You can have more than one Platform Administrator in your organization.

   4. Dynamic Group Administrators - trustees have access only to the Dynamic Groups node in the Administrator Console. You can create a delegation rule to give some user or group access to create/manage dynamic groups through the Administrator Console.

   5. Web Administrators - trustees don't have access to Administrator Console. You can configure delegation rules and define which Web Queries and Actions the delegated administrator will have the permissions to.  

What do Roles control?

• Access to the Rules and Groups nodes in the Cayosoft Console

  • Creation and modification of Runbooks and Rules in the Rules Section

  • Creation and modification of Dynamic Groups

• Access to the Configuration node in the Cayosoft Console

  • Create, modify and assign Roles

  • Configure the Web Portal

  • Install or Update Extensions

  • Modify Platform settings

  • Update Licensing

  • View Execution History

• Access to the Web Portal

  • What web queries a user can see

  • What selection dialog boxes a user can see

  • What commands the user can execute

  • The attributes that are hidden form the user

  • The attributes that are read-only for the user

What are Global Administrators?

Global Administrators will have immediate access to all Administrative Unit and their content. To limit access for a specific group of administrators, a delegation should be performed within the role that controls access to the specific features required by those administrators.

A user will get Global Administrator if one of the conditions is met:

Delegating the Web Administrators Role

What do Web Administrators Role control?

• What web queries a user can see

• What selection dialog boxes a user can see

• What commands the user can execute

When to use Attribute Policies  in combination with a Web Administrator Role

• When the attributes need to a Required entry 

• When the attributes need to be Hidden from the user

• When the attributes need to be Read-only for the user

• When the attribute needs to be a drop-down list of values

• When the attribute needs to have a default value set

• When a specific entry format must be enforced (ex. Phone numbers)

• When the attribute has a minimum or maximum length

• When the descriptive label next to the attribute needs to be changed

Setting Default Values for Attributes: See Attribute Policies

Create a delegation rule for Help Desk staff 

1. Navigate to Active Directory Virtual Admin Unit. 

2. Click Delegation tab.

3. Click Add Delegation Rule.

4. In the name field, enter the name for the new delegation rule Help Desk Admins.

5. In the Trustee section, click Add.

6. Browse and select a group that will have the Help Desk Admins delegation.

7. Click OK.

8. Click Save Changes at the bottom right to complete the delegation.

9. Below the Trustee Permissions section, Click Add Scope.

10. Check Web Queries Help Desk Admins trustees should be able to see.

11. Check the following actions that will be performed by the Help Desk Admins group:

    1. Clone User

    2. Compare Membership

    3. New User

    4. Reset Password

    5. Suspend User

12. Click OK

13. Click Save Changes

    Note: The account you use to logon to the web portal for testing the Help Desk Role, must be a trustee of the Help Desk Admins delegation and should not be a Global Administrator.

Attribute Policies

What do Attribute Policies Control?

• When the attributes need to a Required entry

• When the attributes need to be Hidden from the user

• When the attributes need to be Read-only for the user

• When the attribute needs to be a drop-down list of values

• When the attribute needs to have a default value set

• When a specific entry format must be enforced (ex. Phone numbers)

• When the attribute has a minimum or maximum length

• When the descriptive label next to the attribute needs to be changed

Setting Default Values for Attributes: See Attribute Policies

Change History