You can restrict access to the TFTP, HTTP and FTP services provided by the appliance. By default, the appliance denies access to the TFTP, HTTP and FTP services, unless an admin group has their administrative permissions defined.
You can grant read-only or read/write permission, or deny access to the following resources:
- Grid File Distribution Properties—Applies to the Grid and its members, directories, and files. You can set this from the Administrators perspective only.
- Member File Distribution Properties—Applies to the Grid member properties only.
- A specific directory—Applies to the directory and its files.
For information on setting permissions, see Applying Permissions and Managing Overlaps. The following table lists the tasks admins can perform and the required permissions for file distribution services.
Table 4.26 Permissions for File Distribution Services
| Grid File Distribution Properties | Member Distribution Properties | Specific Directory |
|---|---|---|---|
Create and remove directories and files | RW | ||
Modify the Grid and member file distribution properties | RW | ||
View the Grid and member file distribution properties, directories, and files | RO | ||
Modify the member file distribution properties | RW | ||
View the member file distribution properties | RO | ||
Add and delete a directory, subdirectories, and files in the directory | RW | ||
View a directory and its subdirectories and files | RO |
Administrative Permissions for Dashboard Tasks
Limited-access admin groups can configure IPAM tasks on the Tasks Dashboard only if their administrative permissions are defined. The appliance denies access to IPAM tasks for which an admin group does not have defined permissions.
You can grant read-only or read/write permission, or deny access to IPAM tasks as follows:
- All IPAM tasks on the Tasks Dashboard
- A specific IPAM task
When you deny access to an IPAM task for an admin group, uses cannot configure the task on their dashboards. Users must have at lease read-only permission to a specific task to see it in the task pack. To perform a specific task, users must also have read/write permission to the objects associated with the task. For information about specific permissions for IPAM, DNS, and DHCP objects, see Administrative Permissions for IPAM Resources, Administrative Permissions for DNS Resources, and Administrative Permissions for DHCP Resources.
For information about setting permissions, see Applying Permissions and Managing Overlaps. The following table lists the tasks admins can perform and the required permissions for configuring IPAM tasks on the Tasks Dashboard.
Table 4.27 Permissions for IPAM Tasks
| All Dashboard Tasks | Add Networks | Add Hosts | Add Fixed Addresses | Add CNAME Record | Add TXT Record | Add MX Record |
|---|---|---|---|---|---|---|---|
Configure all tasks in the IPAM task pack | RO RW | ||||||
Configure the Add Networks task | RO RW | ||||||
Configure the Add Hosts task | RO RW | ||||||
Configure the Add Fixed Addresses task | RO RW | ||||||
Configure the Add CNAME Record task | RO RW | ||||||
Configure the Add TXT Record task | RO RW | ||||||
Configure the Add MX Record task | RO RW |
Administrative Permissions for Certificate Authentication Services and CA Certificates
Limited-access admins can configure certificate authentication services and CA certificates only if their administrative roles and permissions are defined. If you want to allow admins to configure two-factor authentication, you can assign the PKI Admin role to limited-access admins or grant them read/write permissions to the following:
- All certificate authentication services
- All CA Certificates
For information about setting permissions, see Applying Permissions and Managing Overlaps. The following table lists the admin tasks and required permissions for configuring certificate authentication services and managing CA certificates.
Table 4.28 Administration Permissions
| Grid Member(s) | All Certificate Authentication Services | All CA Certificates | |||
|---|---|---|---|---|---|---|
Create, modify, and delete certificate authentication services | RW | |||||
Create, modify, and delete CA certificates | RW | RW |