Delegated Administration

EFT Server allows you to assign sub administrator accounts that have a very specific subset of permissions for managing EFT Server, COM, Site(s), Settings Templates, user accounts, user passwords, and reports. Permissions are assigned to sub-administrators via a series of controls on EFT Server's Administration tab.

For example, suppose you want to give your help-desk people the ability to create user accounts on EFT Server, but you are worried that the help-desk might accidentally make changes to EFT Server in the process of creating these accounts. Furthermore, you do not want the help desk people to manage user accounts that belong to the engineering and marketing groups. In this example, delegated administration allows you to create one or more sub-administrator accounts that have access ONLY to user accounts management. Using templates to house marketing, engineering, and other department accounts, you can further limit the sub-administrators to only those accounts for departments that they are authorized to manage.

Each of the sub accounts can also be allowed access to COM and or Auditing and Reporting.

The available sub administrator account types include:

Server Admin - Can create, modify, or remove administrator accounts, and can manage Sites, Settings Templates, and user accounts.
Site Admin - Can manage everything for a specific Site and the Settings Templates on the Site, and can change user passwords, but does not have control over EFT Server. The Site administrator cannot click the Server node nor access any of the node's tabs; stop/start the GlobalSCAPE Server service from within the administration interface; create, remove, or rename Sites, Servers, or Server Groups; access or modify EFT Server global or applet settings; close the Server engine; or stop/start any Site other than those assigned to the Site administrator.
Template Settings Admin - (EFT Server Enterprise only) Has full control over the accounts assigned to that Settings Template, including the ability to view, add, remove, and modify user accounts, and group assignment; can change all Settings Template settings, except for the VFS root path for assigned Setting Templates; can see the entire VFS tree, but can only modify the parts of the VFS that belong to root folders that belong to the Settings Template to which the account is assigned; can access the General tab on EFT Server to view statistics; can kick and monitor users. They cannot access the Reports tab unless specifically allowed; cannot select the Site, Server, or Server Group nodes, nor view the corresponding tabs; cannot access Server settings, nor any Settings Template not assigned to their account. They can access the PGP, SFTP, and SSL key manager, and create, import, export, and add keys and certificates. They cannot delete keys or certificates.
- A Template Settings administrator is not permitted to change the Settings Template home (root) folder that was assigned by the Site or Server administrator.
- A Template Settings administrator is not permitted to change the value of the "Treat home folder as user's default root folder" setting.
- When creating or modifying users, the Template Settings administrator cannot browse or manually designate paths relative to the Settings Template root folder.
- A Template Settings administrator can delete users and, consequently, the user’s home and sub-folders, as long as the user belongs to a template assigned to that administrator, and that user’s root folder is subordinate to the Settings Template root folder.
User Admin - (EFT Server Enterprise only) Has all the privileges of the Change Password administrator, but can also create new users. The User administrator is not allowed to see or edit users' settings or Template settings, and is limited to change password, disable user, or create more users. User Admins can unlock user accounts.
Change Passwords Admin - (EFT Server Enterprise only) Can enable/disable users and change passwords for users in their specified Settings Template(s), but cannot add nor remove users, manage other Settings Template(s), manage Sites, nor control EFT Server. When a Change User Password administrator logs in to EFT Server, only the view below is available.

All administrator accounts are treated equally with respect to password expiration, reset, and removal of inactive accounts.