Content:
Overview of Role-Based Delegation
Cayosoft Administrator has a granular set of roles that grant day-to-day administrators, help desk staff, or self-service users the ability to perform tasks that their jobs require. The Web Administrator’s Roles controls what Queries and Actions are visible to a user when they sign-in to the Cayosoft Administrator Web Portal. Other roles control what users can see and do in the Automation and Configuration console.
- To create delegation rule, in Administrator Console navigate to Home > Configuration > Roles.
- Select the role that you need to create:
- Global Administrators - have access to all Cayosoft configuration options and administrative features for all platforms. Global Administrators are the administrators who can assign other admin roles or see the Configuration node in the Administrator Console. You can have more than one Global Administrator in your organization. The person who installs the product automatically becomes a Global Administrator.
-
Administrators - have access to all Web Queries and Actions in Cayosoft Web Portal and can create and configure all automation rules in Administrator Console. You can have more than one Administrator in your organization.
-
Platform Administrators - have access to Web Queries and Actions in Cayosoft Web Portal and can create and configure automation rules in Administrator Console only for the specified platforms that are defined in a delegation rue. You can have more than one Platform Administrator in your organization.
-
Dynamic Group Administrators - have access only to the Dynamic Groups node in the Administrator Console. You can create a delegation rule to give some user or group access to create/manage dynamic groups through the Administrator Console.
-
Web Administrators - don't have access to Administrator Console. You can configure delegation rules and define which Web Queries and Actions the delegated administrator will have the permissions to.
What do Roles control?
-
Access to the Rules and Groups nodes in the Cayosoft Console
-
Creation and modification of Runbooks and Rules in the Rules Section
-
Creation and modification of Dynamic Groups
-
-
Access to the Configuration node in the Cayosoft Console
-
Create, modify and assign Roles
-
Configure the Web Portal
-
Install or Update Extensions
-
Modify Platform settings
-
Update Licensing
-
View Execution History
-
-
Access to the Web Portal
-
What web queries a user can see
-
What selection dialog boxes a user can see
-
What commands the user can execute
-
The attributes that are hidden form the user
-
The attributes that are read-only for the user
-
What are Global Administrators?
Global Administrators will have immediate access to all Administrative Unit and their content. To limit access for a specific group of administrators, a delegation should be performed within the role that controls access to the specific features required by those administrators.
A user will get Global Administrator if one of the conditions is met:
-
A user is a local admin on the machine where Cayosoft Administrator is installed
-
A user who installed Cayosoft Administrator
-
A user is in the list of Global Administrators: HOME > CONFIGURATION > Roles > Global Administrators
Delegating the Web Administrators Role
What do Web Administrators Role control?
-
What web queries a user can see
-
What selection dialog boxes a user can see
-
What commands the user can execute
When to use Attribute Policies in combination with a Web Administrator Role
-
When the attributes need to a Required entry
-
When the attributes need to be Hidden from the user
-
When the attributes need to be Read-only for the user
-
When the attribute needs to be a drop-down list of values
-
When the attribute needs to have a default value set
-
When a specific entry format must be enforced (ex. Phone numbers)
-
When the attribute has a minimum or maximum length
-
When the descriptive label next to the attribute needs to be changed
Setting Default Values for Attributes: See Attribute Policies
Create a Help Desk delegation
-
Navigate to Configuration > Roles > Web Administration
-
Click Add Delegation Rule
-
In the name field, enter the name for new delegation rule Help Desk Admins
-
In the Trustee section, click Add
-
Browse and select a group that will have the Help Desk Admins delegation
-
Click OK
-
Click Save Changes at the bottom right to complete the delegation
-
Below the Trustee Permissions section, Click Add Scope
-
Check the Administrative Units, Queries Help Desk Admins Trustees should be able to see.
-
Check the following actions that will be performed by the Help Desk Admins group
-
Clone User
-
Compare Membership
-
New User
-
Reset Password
-
Suspend User
-
-
Click OK
-
Click Save Changes
Note: The account you use to logon to the web portal for testing the Help Desk Role, must be a trustee of the Help Desk Admins delegation and should not be a Global Administrator.
Attribute Policies
What do Attribute Policies Control?
-
When the attributes need to a Required entry
-
When the attributes need to be Hidden from the user
-
When the attributes need to be Read-only for the user
-
When the attribute needs to be a drop-down list of values
-
When the attribute needs to have a default value set
-
When a specific entry format must be enforced (ex. Phone numbers)
-
When the attribute has a minimum or maximum length
-
When the descriptive label next to the attribute needs to be changed
Setting Default Values for Attributes: See Attribute Policies
Change History
Version | Notes |
---|---|
7.3.0 | Dynamic Group Administrators role is added. |
Comments
0 comments
Please sign in to leave a comment.