Versions Compared

Version Old Version 1 New Version Current
Changes made by

Aliaksei Shautsou (Deactivated)

Arkadi_Bourkov

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

You can restrict access to the

Anchor
bookmark563
bookmark563
TFTP, HTTP and FTP services provided by the appliance. By default, the
Anchor
bookmark564
bookmark564
appliance denies access to the TFTP, HTTP and FTP services, unless an admin group has their administrative permissions defined.
You can grant read-only or read/write permission, or deny access to the following resources:

  • Grid File Distribution Properties—Applies to the Grid and its members, directories, and files. You can set this from the Administrators perspective only.

...

  • Member File Distribution Properties—Applies to the Grid member properties only.
  • A specific directory—Applies to the directory and its files.

For information on setting permissions, see Applying Permissions and Managing Overlaps. The following table lists the tasks admins can perform and the required permissions for file distribution services.

Table 4.26 Permissions for File Distribution Services

Tasks

Anchor
Administrative Permissions for Dashboard
Administrative Permissions for Dashboard
Anchor
bookmark565
bookmark565
Anchor
bookmark566
bookmark566
Anchor
bookmark567
bookmark567
Grid File Distribution Properties

Member Distribution Properties

Specific Directory

Create and remove directories and files

RW

 

 



Modify the Grid and member file distribution properties

RW

 

 



View the Grid and member file distribution properties, directories, and files

RO

 

 



Modify the member file distribution properties

 


RW

 


View the member file distribution properties

 


RO

 


Add and delete a directory, subdirectories, and files in the directory

 

 



RW

View a directory and its subdirectories and files

 

 



RO


Administrative Permissions for Dashboard Tasks
Limited-access admin groups can configure IPAM tasks on the Tasks Dashboard only if their administrative permissions are defined. The appliance denies access to IPAM tasks for which an admin group does not have defined permissions.
You can grant read-only or read/write permission, or deny access to IPAM tasks as follows:

  • All IPAM tasks on the Tasks Dashboard
  • A specific IPAM task

When you deny access to an IPAM task for an admin group, uses cannot configure the task on their dashboards. Users must have at lease read-only permission to a specific task to see it in the task pack. To perform a specific task, users must also have read/write permission to the objects associated with the task. For information about specific permissions for IPAM, DNS, and DHCP objects, see Administrative Permissions for IPAM Resources, Administrative Permissions for DNS Resources, and Administrative Permissions for DHCP Resources

...

.
For information about setting permissions, see Applying Permissions and Managing Overlaps. The following table lists the tasks admins can perform and the required permissions for configuring IPAM tasks on the Tasks Dashboard.

...

...

Table 4.27 Permissions for IPAM Tasks






Tasks

Anchor
Administrative Permissions for Certifica
Administrative Permissions for Certifica
Anchor
bookmark568
bookmark568
Anchor
bookmark569
bookmark569
Anchor
bookmark570
bookmark570
All Dashboard Tasks

Add Networks

Add Hosts

Add Fixed Addresses

Add CNAME Record

Add TXT Record

Add MX Record

Configure all tasks in the IPAM task pack

RO RW

 

 

 

 

 

 







Configure the Add Networks task

 


RO RW

 

 

 

 

 






Configure the Add Hosts task

 

 



RO RW

 

 

 

 





Configure the Add Fixed Addresses task

 

 

 




RO RW

 

 

 




Configure the Add CNAME Record task

 

 

 

 





RO RW

 

 



Configure the Add TXT Record task

 

 

 

 

 






RO RW

 


Configure the Add MX Record task

 

 

 

 

 

 







RO RW


Administrative Permissions for Certificate Authentication Services and CA Certificates
Limited-access admins can configure certificate authentication services and CA certificates only if their administrative roles and permissions are defined. If you want to allow admins to configure two-factor authentication, you can assign the PKI Admin role to limited-access admins or grant them read/write permissions to the following:

  • All certificate authentication services
  • All CA Certificates

For information about setting permissions, see Applying Permissions and Managing Overlaps. The following table lists the admin tasks and required permissions for configuring certificate authentication services and managing CA certificates.

Table 4.28 Administration Permissions









Tasks

Grid Member(s)

All Certificate Authentication Services

All CA Certificates

 

 

 




Create, modify, and delete certificate authentication services

 


RW

 

 

 

 





Create, modify, and delete CA certificates

RW

 


RW

 

 

 

...