Secure Mobile Access 12.4 Administration Guide

Technical Documentation>  Management>  Working with Appliance Management Console>  Administrator Accounts>  Managing Administrator Accounts and Roles>  Defining Administrator Roles
Table of Contents

Defining Administrator Roles

Role-based administration enables the primary administrator to grant limited administrative control to secondary AMC administrators.

For defining administrator roles, the features in AMC are grouped into four categories. For each category, you must specify the permissions you want to grant a role. The four categories of administrator permissions in AMC are described in the below table. The permission level for each category can be set as shown in the Permission levels table.

Administrator permissions
Category Administrator permissions
Security administration Controls administrator access to pages for access control rules, resources, users and groups, WorkPlace, OnDemand, and End Point Control.
System configuration Controls administrator access to pages for network settings, general appliance settings, SSL settings, access and network services, authentication servers, and realms.
System maintenance Controls administrator permission to shut down or restart the appliance, update or roll back the system software, and import or export configuration data.
System monitoring View access permits the administrator to view system logs and graphs, view active users, and run troubleshooting tools (such as starting, stopping, downloading, and deleting network traces). Modify provides additional permissions to terminate user sessions and modify log settings.
Permission levels
Permission level Description
Modify Permits read/write access within a category.
View Provides read-only access within a category.
None Disables access to the relevant AMC pages within a category. When you select None as the permission level for a category, AMC does not display either the pages within that category or the main navigation menu commands that lead to those pages.

To create an administrator role

  1. In the AMC, navigate to System Configuration > General Settings.

  2. In the Administrators section, click Edit for the Administrator accounts.

    The Administrators page displays and lists the administrators and their roles.

  3. Click the Roles tab.

  4. Click the + (New) icon.

    The Add Administrator Role page displays.

  5. In the Name field, type the name for the administrator role.

  6. (Optional) In the Description field, type a descriptive comment about the role.

  7. In the Administrator permissions section, select one or more categories of permissions that will be granted to the role.

  8. Click Save.