Manage administrator user roles

  In this context, users are administrator users who can access and modify parts of the Gateway, not end users.

Access Control

A role contains a combination of permissions. You can configure roles to correspond to a user's responsibilities, for instance, as a helpdesk operator, policy administrator, or network administrator. By assigning an appropriate role to the user, the user obtains permissions to perform certain tasks in Secure Email Gateway. This also means that the user can only access the areas of the user interface related to the role.

Applying access control to an Active Directory group

You do not have to add users explicitly and individually to enable administrator access to the system. Instead, you can link a new or existing role to an AD group. All members of this group will obtain the permissions defined in that role.

Add roles

  1. Select the Users menu. The Users page is displayed.

  2. Select the Roles tab.

  3. Click New. The Modify Role page is displayed.

  4. In the Overview panel, click Click here to change these settings.

    Provide a meaningful Name for the role and an optional Description and click Save.

  5. If you would like to link the role to an Active Directory group, click Click here to change these settings in the Active Directory Group panel.

    In the Active Directory Group DN field, enter the distinguished name of your intended AD group. You can click Search Active Directory groups and select your group from a list.

     

    Only Universal Security Groups (i.e. those where Group Scope is "Universal" and Group Type is "Security") are listed. You can type in another group name if you know that it exists and is functional. You can filter your search by providing either a substring or a UPN, in which case the list will contain the groups whose names contain the substring, or the groups the UPN is a member of, respectively.

     

    If you move a group in the AD hierarchy, you will need to update the group name in Secure Email Gateway.

    Also note that nested AD groups are not supported; each group must therefore be linked individually.

    Click Save.

  6. In the Access Control panel, click Click here to change these settings.

    • To give the role administrator permissions, select the All permissions check box in the Administration Role section. These are the same permissions that the admin super-administrator user has.

    • To give the role limited permissions, select the required check boxes in the Specific Permissions section. This section controls what a user can do within the Gateway. If the administration role (all permissions) is selected, the section is not editable.

    • Review the Message Areas section and make the required changes. This section controls what a user can do and view within any given message area. If the administration role (all permissions) is selected, the section is not editable.

    Click Save.
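The group constraints in step 5 can be checked before a DN is entered. The following is an added example, not part of the product or its documentation: it decodes the Active Directory groupType attribute to confirm Universal scope and Security type, and lists nested groups together with the users who belong to the linked group only through them. The directory records, DNs and function names are constructed for illustration.

```python
# Constructed sample data; DNs and group names are hypothetical.
UNIVERSAL, GLOBAL, DOMAIN_LOCAL, SECURITY = 0x8, 0x2, 0x4, 0x80000000

DIRECTORY = {
    "CN=SEG-Helpdesk,OU=Groups,DC=example,DC=test": {
        "groupType": "-2147483640",  # Universal + Security
        "member": ["CN=Alice,OU=Staff,DC=example,DC=test",
                   "CN=Tier2,OU=Groups,DC=example,DC=test"]},
    "CN=Tier2,OU=Groups,DC=example,DC=test": {
        "groupType": "-2147483646",  # Global + Security
        "member": ["CN=Bob,OU=Staff,DC=example,DC=test",
                   "CN=Alice,OU=Staff,DC=example,DC=test"]},
    "CN=Alice,OU=Staff,DC=example,DC=test": {},
    "CN=Bob,OU=Staff,DC=example,DC=test": {},
}


def decode_group_type(raw):
    """Split an AD groupType value into (scope, kind)."""
    value = int(raw) & 0xFFFFFFFF  # LDAP reports it as a signed 32-bit integer
    scope = next((name for bit, name in ((UNIVERSAL, "Universal"),
                  (GLOBAL, "Global"), (DOMAIN_LOCAL, "DomainLocal"))
                  if value & bit), "Unknown")
    return scope, "Security" if value & SECURITY else "Distribution"


def users_below(dn, directory, seen):
    """Collect user DNs under a group, following nesting; `seen` stops loops."""
    users = set()
    for member in directory[dn].get("member", []):
        if "groupType" not in directory[member]:
            users.add(member)
        elif member not in seen:
            seen.add(member)
            users |= users_below(member, directory, seen)
    return users


def review_role_group(dn, directory):
    """Report what linking this group DN to a role would and would not cover."""
    entry = directory[dn]
    members = entry.get("member", [])
    direct = {m for m in members if "groupType" not in directory[m]}
    nested = [m for m in members if "groupType" in directory[m]]
    reachable = users_below(dn, directory, {dn})
    return {
        "listed_in_search": decode_group_type(entry["groupType"]) == ("Universal", "Security"),
        "nested_groups": nested,  # each must be linked to the role individually
        "users_only_via_nesting": sorted(reachable - direct),
    }
```

A non-empty users_only_via_nesting list identifies administrators whose own group still needs its own role link.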

Modify roles

  1. Select the Users menu. The Users page is displayed.

  2. Select the Roles tab.

  3. From the Roles list, select the role you wish to modify and click Edit. The Modify Role page is displayed.

  4. In the Overview panel, click Click here to change these settings.

    Edit the details as required and click Save.

  5. In the Active Directory Group panel, click Click here to change these settings.

    Edit the details as required and click Save.

  6. In the Access Control panel, click Click here to change these settings.

    Edit the details as required and click Save.

  If your own user is assigned a role that has the required permissions, or you are using the admin super-administrator user, you can modify the details of other users, including passwords and access controls. You can also change the details of your own user.

Delete roles

  1. Select the Users menu. The Users page is displayed.

  2. Select the Roles tab.

  3. From the Roles list, select the role you wish to delete and click Delete.

  4. Click Yes in the Confirm Delete dialog to confirm the removal.

 

You cannot delete your own role, or the role of a local user, or a local AD user.

You can delete the role of a dynamic user, in which case, if they are logged in, they will be denied further access to the system.