User roles and levels of security
As the administrator who assigns user rights to various operators, you will want to spend some time determining a strategy for making these assignments. By carefully diversifying these rights among your operators, you can be sure that the power to make key changes is not concentrated in just a few individuals.
For example, you might give one user permission to edit policies and a different user permission to deploy policies. By distributing the editing and deployment rights between two users, you make it difficult for an unscrupulous user to create and deploy a harmful policy.
For even greater security, you could give user A edit rights, user B group rights, and user C deployment rights. This is more secure because anyone who has group rights can change a group so that it is an auto-deploy group, thus circumventing the lack of deployment permission.
Additionally, the operator lockdown feature allows you to prevent users from accessing any console functionality.
The table shows three user roles. Users 1 and 2 are assigned to role 1. User 3 is assigned to role 2, and user 4 is assigned to role 3.
- Role 1 users can:
- Deploy policies of category a
- Read, create, modify, and delete policies of category b
- Read and deploy all other policies
- View Policy Management
- Perform Policy Group and Job handling
- The Role 2 user can:
- Read
- View Policy Management
- The Role 3 user cannot view policy management at all.
| Role | User | Category | Category-based Rights | Global Rights |
| Role 1 | User 1 | a | Deploy | View Policy Management, Job Handling, Group Handling |
| User 2 | b | Edit, Delete, Read | View Policy Management, Job Handling, Group Handling | |
| Default | Read, Deploy | View Policy Management, Job Handling, Group Handling | ||
| Role 2 | User 3 | Default | Read | View Policy Management |
| Role 3 | User 4 | Default | / | / |
NOTE:The predefined Default denotes all categories for which no special rights have been defined.