Creating and Configuring Secure Access Device Administrator Roles (NSM Procedure)
An administrator role specifies Secure Access device management functions and session properties for administrators who map to the role. You can customize an administrator role by selecting the Secure Access device feature sets and user roles that members of the administrator role are allowed to view and manage. You can create and configure administrator roles through the Delegated Admin Roles page.
Note: To create individual administrator accounts, you must add the users through the appropriate authentication server (not the role). For example, to create an individual administrator account, you may use settings in the Authentication > Auth. Servers > Administrators > Users page of the admin console.
To create an administrator role:
- In the NSM navigation tree, select Device Manager > Devices. Click the Device Tree tab, and then double-click the Secure Access device for which you want to configure the administrator role.
- Click the Configuration tree tab, and select Administrators > Admin Roles.
- Click the New button. The New dialog box appears.
- Click General > Overview to add or modify settings as specified in Table 11.
- Click one:
- OK—Saves the changes.
- Cancel—Cancels the modifications.
Table 11: Administrator Role Configuration Details
Option | Function | Your Action |
---|---|---|
General > Overview tab | ||
Name | Specifies a unique name for the administrator role. | Enter a name. |
Description | Describes the administrator role. | Enter a brief description for the administrator role. |
Session Options | Specifies the maximum session length, roaming capabilities, and session persistence. | Select General > Session Options to apply the settings to the role. |
UI Options | Specifies customized settings for the Secure Access device welcome page for Odyssey Access Client users mapped to this role. | Select General > UI Options to apply the settings to the role. |
Delegated Users Settings > Roles > Delegate User Roles | ||
Administrators can manage ALL roles | Specifies whether the administrator can manage all roles. | If you only want to allow the administrator role to manage selected user roles, select those user roles in the Non-members list and click Add. |
Access | Specifies which user role pages the delegated administrator can manage. | Select an access option from the drop-down list. |
Delegated Users Settings > Roles > Delegate As Read-Only Role | ||
Administrator can view (but not modify) ALL roles | Allows the administrator to view the user roles, but not manage them. | Select the user role that you want to allow the administrator to view. Note: If you specify both write access and read-only access for a feature, the Secure Access device grants the most permissive access. |
Delegated Users Settings > Realms > Delegate User Realms | ||
Administrator can manage ALL realms | Specifies whether the administrator can manage all user authentication realms. | Select the user realm. If you only want to allow the administrator role to manage selected realms, select those realms in the Members list and click Add. |
Access | Specifies which user authentication realm pages the delegated administrator can manage. | Select an access option from the drop-down list. |
Delegated Users Settings > Realms > Delegate As Read-Only Realms | ||
Administrator can view (but not modify) ALL realms | Allows the administrator to view the user authentication realms, but not modify them. | Select the user authentication realms that you want to allow the administrator to view. Note: If you specify both write access and read-only access for an authentication realm page, the Secure Access device grants the most permissive access. |
Delegated Administrator Settings > Management of Admin roles | ||
Manage ALL admin roles | Manages all admin roles. | Select Delegated Administrator Settings > Management of Admin roles > Manage ALL admin roles to manage all the admin roles. |
Allow Add/Delete admin roles | Allows the security administrator to create administrator roles, even if the security administrator is not part of the Administrators role. Note: This option appears only when you enable the Manage All admin roles option. | Select to allow the security administrator to add and delete admin roles. |
Access | Indicates the level of access that you want to allow the security administrator role to set for system administrators. Note: This option appears only when you enable the Manage All admin roles option. | Select an access option. |
Delegated Administrator Settings > Management of Admin realms | ||
Manage ALL admin realms | Manages all admin realms. | Select Delegated Administrator Settings > Management of Admin realms > Manage ALL admin realms. |
Allow Add/Delete admin realms | Allows the security administrator to create and delete administrator realms, even if the security administrator is not part of the Administrators role. Note: This option appears only when you enable the Manage All admin realms option. | Select to allow the security administrator to add and delete admin realms. |
Access | Indicates the level of realm access that you want to allow the security administrator role to set for system administrators for each major set of admin console pages. Note: This option appears only when you enable the Manage All admin realms option. | Select an access option. |
Delegated Resource Policies > All tab | ||
Access | Indicates the level of access that you want to allow the administrator role for each Resource Policies submenu. | Select an access option. |
Delegated Resource Policies > Web > File > SAM > Telnet SSH > Terminal Services > Network Connect | ||
Access | Allows you to pick and choose administrator privileges for each type of resource policy. | Select the Deny, Read, or Write access level for the type of resource. |
Additional Access Policies | Allows you to specify the access level for an individual policy (for example, if you want to control access to a resource policy that controls access to www.google.com). | Select a resource policy. |
Access | Allows you to pick and choose administrator privileges for each individual resource policy. | Select Read or Write access level for the policy. |
Delegated Resource Policies > Email Client | ||
Access | Allows you to pick and choose administrator privileges (Deny, Read, or Write) for the policy. | Select the Deny, Read, or Write access level for the policy. |
Delegated Resource Profiles > All tab | ||
Access | Indicates the level of access that you want to allow the administrator role for each Resource Profiles submenu. | Select an access option. Note: The Web, File, SAM, Telnet SSH, and Terminal Services tabs are enabled only when you select Custom Settings from the drop-down list. |
Delegated Resource Profiles > Web > File > SAM > Telnet SSH > Terminal Services | ||
Access | Allows you to pick and choose administrator privileges for each type of resource profile. | Select the Deny, Read, or Write access level for the type of resource. |
Additional Access Profiles | Allows you to specify the access level for an individual profile (for example, if you want to control access to a resource profile that controls access to www.google.com). | Select the resource profile for which you want to provide a custom access level, and click Add. |
Access | Allows you to pick and choose administrator privileges (Deny, Read, or Write) for the profiles. | Select Read or Write access level for the profiles. |
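The notes in Table 11 state that when both write access and read-only access are specified, the Secure Access device grants the most permissive access. The following added example (not Juniper code and not an NSM export format) models that rule for the Delegate User Roles settings and lists the points worth checking in a least-privilege review. The `DelegatedRole` structure, its field names, and the sample role names are assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Ordering of the access levels named in Table 11 (least to most permissive).
LEVELS = {"Deny": 0, "Read": 1, "Write": 2}

@dataclass
class DelegatedRole:
    """Hypothetical in-memory copy of the Table 11 settings for one admin role."""
    name: str
    manage_all_roles: bool = False            # "Administrators can manage ALL roles"
    write_roles: set = field(default_factory=set)      # Delegate User Roles members
    view_all_roles: bool = False              # "Administrator can view ... ALL roles"
    read_only_roles: set = field(default_factory=set)  # Delegate As Read-Only members
    manage_all_admin_roles: bool = False      # "Manage ALL admin roles"
    allow_add_delete_admin_roles: bool = False  # "Allow Add/Delete admin roles"

def effective_access(role, user_role):
    """Most permissive grant wins, as the notes in Table 11 describe."""
    grants = ["Deny"]
    if role.view_all_roles or user_role in role.read_only_roles:
        grants.append("Read")
    if role.manage_all_roles or user_role in role.write_roles:
        grants.append("Write")
    return max(grants, key=LEVELS.get)

def review(role, user_roles):
    """Return findings a reviewer would want to confirm before pushing the role."""
    findings = []
    for ur in sorted(user_roles):
        read_only = role.view_all_roles or ur in role.read_only_roles
        if read_only and effective_access(role, ur) == "Write":
            findings.append(f"{ur}: delegated read-only, but effective access is Write")
    if role.manage_all_roles:
        findings.append("role can manage ALL user roles")
    if role.manage_all_admin_roles and role.allow_add_delete_admin_roles:
        findings.append("role can add and delete admin roles")
    return findings

# Constructed sample: "Contractors" appears in both the write and read-only lists.
helpdesk = DelegatedRole(
    name="Helpdesk",
    write_roles={"Contractors"},
    read_only_roles={"Contractors", "Employees"},
)

if __name__ == "__main__":
    for ur in ("Contractors", "Employees", "Guests"):
        print(ur, effective_access(helpdesk, ur))
    print(review(helpdesk, {"Contractors", "Employees", "Guests"}))
```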