Role based delegation

Content: 

Overview of Role-Based Delegation 

Cayosoft Administrator has a granular set of roles that grant day-to-day administrators, help desk staff, or self-service users the ability to perform tasks that their jobs require. The Web Administrator’s Roles controls what Queries and Actions are visible to a user when they sign-in to the Cayosoft Administrator Web Portal. Other roles control what users can see and do in the Automation and Configuration console. 

What do Roles control?

• Access to the Rules and Groups nodes in the Cayosoft Console

  • Creation and modification of Runbooks and Rules in the Rules Section

  • Creation and modification of Dynamic Groups

• Access to the Configuration node in the Cayosoft Console

  • Create, modify and assign Roles

  • Configure the Web Portal

  • Install or Update Extensions

  • Modify Platform settings

  • Update Licensing

  • View Execution History

• Access to the Web Portal

  • What web queries a user can see

  • What selection dialog boxes a user can see

  • What commands the user can execute

  • The attributes that are hidden form the user

  • The attributes that are read-only for the user

What are Global Administrators?

Global Administrators will have immediate access to all Administrative Unit and their content. To limit access for a specific group of administrators, a delegation should be performed within the role that controls access to the specific features required by those administrators.

A user will get Global Administrator if one of the conditions is met:

Delegating the Web Administrators Role

What do Web Administrators Role control?

• What web queries a user can see

• What selection dialog boxes a user can see

• What commands the user can execute

When to use Attribute Policies  in combination with a Web Administrator Role

• When the attributes need to a Required entry 

• When the attributes need to be Hidden from the user

• When the attributes need to be Read-only for the user

• When the attribute needs to be a drop-down list of values

• When the attribute needs to have a default value set

• When a specific entry format must be enforced (ex. Phone numbers)

• When the attribute has a minimum or maximum length

• When the descriptive label next to the attribute needs to be changed

Setting Default Values for Attributes: See Attribute Policies

Create a Help Desk delegation 

1. Navigate to Configuration > Roles > Web Administration

2. Click Add Delegation Rule

3. In the name field, enter the name for new delegation rule Help Desk Admins

4. In the Trustee section, click Add

5. Browse and select a group that will have the Help Desk Admins delegation

6. Click OK

7. Click Save Changes at the bottom right to complete the delegation

8. Below the Trustee Permissions section, Click Add Scope

9. Check the Administrative Units, Queries Help Desk Admins Trustees should be able to see.

10. Check the following actions that will be performed by the Help Desk Admins group

    1. Clone User

    2. Compare Membership

    3. New User

    4. Reset Password

    5. Suspend User

11. Click OK

12. Click Save Changes

    Note: The account you use to logon to the web portal for testing the Help Desk Role, must be a trustee of the Help Desk Admins delegation and should not be a Global Administrator.

Attribute Policies

What do Attribute Policies Control?

• When the attributes need to a Required entry

• When the attributes need to be Hidden from the user

• When the attributes need to be Read-only for the user

• When the attribute needs to be a drop-down list of values

• When the attribute needs to have a default value set

• When a specific entry format must be enforced (ex. Phone numbers)

• When the attribute has a minimum or maximum length

• When the descriptive label next to the attribute needs to be changed

Setting Default Values for Attributes: See Attribute Policies