Define Administrators
DefiNE administrators
There are three types of administrators in the Console:
| Role | Description |
|---|---|
| Supervisor |
Can be created during the Server installation. If not, can be created during the first Console login (Creating a supervisor). Has all permissions which cannot be restricted. |
| Super Administrator | A super administrator is created by the supervisor. He owns all rights. The rights can be restricted by the supervisor by hiding console commands for the super administrator. Any number of super administrators can be created. A Windows user account can also act as a super administrator. |
| Administrator | An administrator is created by the supervisor or a super administrator. The rights of an administrator may be restricted by the supervisor or a super administrator through global or domain-specific roles. Any number of administrators can be created. A Windows user account can also act as administrator. |
Create administrators or super administrators
- Go to Administration | Superadmin | Administrators & scopes.
- In the Administrators work area, click Create.
- The Create account dialog appears.
- Select whether to create an administrator or a super administrator.
- Define login and password.
- In the E-mail field, define an e-mail address of an administrator/super administrator. If later a super admin or a supervisor changes the e-mail of an administrator, the last changed e-mail is considered as a valid one. With activated IntellAct Automation product, this email is used to inform respective tenant admins and super admins about Server events.
- Click OK.
- The new administrator (super administrator) appears in the Administrators section.
Grant administrative (super administrative) privileges to users from directory service
- Go to Administration | Superadmin | Administrators & scopes.
- In the Administrators work area,
- Click From AD in the Super Administrators tab to grant super administrative privileges or
- Click From AD in the Administrators tab to grant administrative privileges.
- The Selection of users dialog appears.
- Select a user from the list and click the right arrow. You can select several Windows user accounts as console administrators at once.
- Click OK.
New users are appearing in the Administrators section under the Administrators or Super administrators tab. Now they can login to console using Windows account.
To login to Console as a user with granted administrative (super administrative) privileges:
- Click
in the top right corner of the Console window. - The Connect to EgoSecure server dialog appears.
- Clear the Use EgoSecure authentication box.
- Click OK to login.
Login to Console occurs successfully if the user with granted administrative (super administrative) privileges is currently logged in to the operating system.
Create and assign administrative roles
To restrict the rights of administrators (not super administrators), you can create roles and assign them to administrators. You determine whether a role owner gets write or read access (or both) for certain options.
There are two types of roles:
- Global
- Scope specific
| Criteria | Global | Scope specific |
|---|---|---|
| Role purpose | Permit access to defined Console sections. Permitted sections are defined in Administration | Superadmin | Administrative roles | Operations work area. | |
| Role scope | Admin manages a directory structure on the whole without distinction (all users and computers of a domain, for example). It means that he, for example, cannot assign a filter to one user of the directory structure, because he is not permitted to see directory objects contained within the domain. | One of the permitted directory objects. |
Create a Role
- Go to Administration | Superadmin | Administrative roles.
- In the Global roles or Scope specific roles tab, click Add.
- Specify a role name.
- In the Operations – [role name] work area, set check boxes to permit operations.
- Click Save
Assign a global role to an administrator
- Go to Administration | Superadmin | Administrators & scopes.
- Select an administrator in the Administrators work area -> Administrators tab.
- In the Administrative roles - [admin name] | Global roles tab, select a role created in Administration | Superadmin | Administrative roles.
- Click Save
Assign a scope specific role to an administrator
- Go to Administration | Superadmin | Administrators & scopes.
- Select an administrator in the Administrators work area | Administrators tab.
- In the Administrative roles – [admin name] | Scope specific roles tab, click a scope (directory objects that can be managed by the administrator to whom the role is assigned).
- In the Administrative roles selection work area, enable the roles. Once roles are enabled, the selected directory object changes its color.
- Click Save
The administrator receives the rights of the role for the selected section of the directory service structure