If you are upgrading from a version of EFT Server prior to version 5.1, any legacy "SuperAdmin" accounts are converted to "Server Admin" accounts. These accounts will only see the Server node and the Administration tab when they log in. |
EFT Server allows you to assign sub administrator accounts that have very specific or "granular" permissions to manage EFT Server, COM, Site(s), user accounts, user settings, user passwords, and reports. Permissions are assigned to sub-administrators via a series of controls on the Server's Administration tab.
For example, suppose you want to give your help-desk people the ability to create user accounts on EFT Server, but you are worried that the help-desk might accidentally make changes to EFT Server in the process of creating these accounts. Furthermore, you do not want the help desk people to manage user accounts that belong to the engineering and marketing groups. In this example, delegated administration allows you to create one or more sub-administrator accounts that have access ONLY to user accounts management. Using User Setting Level templates to house marketing, engineering, and other department accounts, you can further limit the sub-administrators to only those accounts for departments that they are authorized to manage.
Each of the sub accounts can also be allowed access to COM and or Auditing and Reporting.
The available sub administrator account types include:
Server - Can create, modify, or remove administrator accounts, and can manage Sites, User Setting Levels, and user accounts.
Site - Can manage everything for a specific Site and the User Setting Levels on the Site, and can change user passwords, but does not have control over EFT Server. The Site administrator cannot select the Server node nor access any of the node's tabs; stop/start the GlobalSCAPE EFT Server service from within EFT Administrator; create, remove, or rename Sites, Servers, or Server Groups; access or modify EFT Server global or applet settings; close the EFT Server engine; or stop/start any Site other than those assigned to the Site administrator.
Settings Level - Has full control over the accounts assigned to that Setting Level, including the ability to view, add, remove, and modify user accounts, and group assignment; can change all Setting Level settings, except for the VFS root path for assigned Setting Levels; can see the entire VFS tree, but can only modify the parts of the VFS that belong to root folders that belong to the Setting Level to which the account is assigned; can access the Status tab on EFT Server; can kick and monitor users. They cannot access the Reports tab unless specifically allowed; cannot select the Site, Server, or Server Group nodes, nor view the corresponding tabs; cannot access Server settings, nor any Setting Level not assigned to their account. They can access the PGP, SFTP, and SSL key manager, and create, import, export, and add keys and certificates. They cannot delete keys or certificates.
Change Passwords -
Can enable/disable users and change passwords for users in their
specified User Setting Level(s), but cannot add nor remove users, manage
other User Setting Level(s), manage Sites, nor control EFT Server. When
a Change Password administrator logs in to EFT Server, only the view below
is available.
All administrator accounts are treated equally with respect to password expiration, reset, and removal of inactive accounts. |
Adding EFT Server Administrators