Administrative Permissions for File Distribution Services

You can restrict access to the TFTP, HTTP and FTP services provided by the appliance. By default, the appliance denies access to the TFTP, HTTP and FTP services, unless an admin group has their administrative permissions defined.
You can grant read-only or read/write permission, or deny access to the following resources:

Grid File Distribution Properties—Applies to the Grid and its members, directories, and files. You can set this from the Administrators perspective only.
Member File Distribution Properties—Applies to the Grid member properties only.
A specific directory—Applies to the directory and its files.

For information on setting permissions, see Applying Permissions and Managing Overlaps. The following table lists the tasks admins can perform and the required permissions for file distribution services.

Table 4.26 Permissions for File Distribution Services

Tasks	Grid File Distribution Properties	Member Distribution Properties	Specific Directory
Create and remove directories and files	RW
Modify the Grid and member file distribution properties	RW
View the Grid and member file distribution properties, directories, and files	RO
Modify the member file distribution properties		RW
View the member file distribution properties		RO
Add and delete a directory, subdirectories, and files in the directory			RW
View a directory and its subdirectories and files			RO

Administrative Permissions for Dashboard Tasks
Limited-access admin groups can configure IPAM tasks on the Tasks Dashboard only if their administrative permissions are defined. The appliance denies access to IPAM tasks for which an admin group does not have defined permissions.
You can grant read-only or read/write permission, or deny access to IPAM tasks as follows:

All IPAM tasks on the Tasks Dashboard
A specific IPAM task

When you deny access to an IPAM task for an admin group, uses cannot configure the task on their dashboards. Users must have at lease read-only permission to a specific task to see it in the task pack. To perform a specific task, users must also have read/write permission to the objects associated with the task. For information about specific permissions for IPAM, DNS, and DHCP objects, see Administrative Permissions for IPAM Resources, Administrative Permissions for DNS Resources, and Administrative Permissions for DHCP Resources.
For information about setting permissions, see Applying Permissions and Managing Overlaps. The following table lists the tasks admins can perform and the required permissions for configuring IPAM tasks on the Tasks Dashboard.

Table 4.27 Permissions for IPAM Tasks

Tasks	All Dashboard Tasks	Add Networks	Add Hosts	Add Fixed Addresses	Add CNAME Record	Add TXT Record	Add MX Record
Configure all tasks in the IPAM task pack	RO RW
Configure the Add Networks task		RO RW
Configure the Add Hosts task			RO RW
Configure the Add Fixed Addresses task				RO RW
Configure the Add CNAME Record task					RO RW
Configure the Add TXT Record task						RO RW
Configure the Add MX Record task							RO RW

Administrative Permissions for Certificate Authentication Services and CA Certificates
Limited-access admins can configure certificate authentication services and CA certificates only if their administrative roles and permissions are defined. If you want to allow admins to configure two-factor authentication, you can assign the PKI Admin role to limited-access admins or grant them read/write permissions to the following:

All certificate authentication services
All CA Certificates

For information about setting permissions, see Applying Permissions and Managing Overlaps. The following table lists the admin tasks and required permissions for configuring certificate authentication services and managing CA certificates.

Table 4.28 Administration Permissions

Tasks	Grid Member(s)	All Certificate Authentication Services	All CA Certificates
Create, modify, and delete certificate authentication services		RW
Create, modify, and delete CA certificates	RW		RW