If you are upgrading from a version of EFT Server prior to version 5.1, any legacy "SuperAdmin" accounts are converted to "Server Admin" accounts. These accounts will only see the Server node and the Security tab when they log in. |
EFT Server allows you to assign sub administrator accounts that have very specific/granular permissions to manage EFT Server, COM, Site(s), Settings Templates, user accounts, user passwords, and reports. Permissions are assigned to sub-administrators via a series of controls on EFT Server's Security tab.
For example, suppose you want to give your help-desk people the ability to create user accounts on EFT Server, but you are worried that the help-desk might accidentally make changes to EFT Server in the process of creating these accounts. Furthermore, you do not want the help desk people to manage user accounts that belong to the engineering and marketing groups. In this example, delegated administration allows you to create one or more sub-administrator accounts that have access ONLY to user accounts management. Using Settings Template templates to house marketing, engineering, and other department accounts, you can further limit the sub-administrators to only those accounts for departments that they are authorized to manage.
Each of the sub accounts can also be allowed access to COM and or Auditing and Reporting.
The available sub administrator account types include:
Server - Can create, modify, or remove administrator accounts, and can manage Sites, Settings Templates, and user accounts.
Site - Can manage everything for a specific Site and the Settings Templates on the Site, and can change user passwords, but does not have control over EFT Server. The Site administrator cannot click the Server node nor access any of the node's tabs; stop/start the GlobalSCAPE Server service from within the Administrator; create, remove, or rename Sites, Servers, or Server Groups; access or modify EFT Server global or applet settings; close the Server engine; or stop/start any Site other than those assigned to the Site administrator.
Settings Template - (EFT Server Enterprise only) Has full control over the accounts assigned to that Setting Level, including the ability to view, add, remove, and modify user accounts, and group assignment; can change all Setting Level settings, except for the VFS root path for assigned Setting Levels; can see the entire VFS tree, but can only modify the parts of the VFS that belong to root folders that belong to the Setting Level to which the account is assigned; can access the General tab on EFT Server to view statistics; can kick and monitor users. They cannot access the Reports tab unless specifically allowed; cannot select the Site, Server, or Server Group nodes, nor view the corresponding tabs; cannot access Server settings, nor any Setting Level not assigned to their account. They can access the PGP, SFTP, and SSL key manager, and create, import, export, and add keys and certificates. They cannot delete keys or certificates.
Change Passwords -
(EFT Server Enterprise only) Can enable/disable users and change
passwords for users in their specified Settings Template(s), but cannot
add nor remove users, manage other Settings Template(s), manage Sites,
nor control EFT Server. When a Change User Password administrator logs
in to EFT Server, only the view below is available.
User - (EFT Server Enterprise only) Has all the privileges of the Change Password administrator, but can also create new users. The User administrator is not allowed to see or edit users' settings or Template settings, and is limited to change password, disable user, or create more users.
All administrator accounts are treated equally with respect to password expiration, reset, and removal of inactive accounts. |
Adding EFT Server Administrators