Role-based User Access Control

Overview

DeviceExpert deals with the sensitive configuration files of devices, and in a multi-member work environment it becomes necessary to restrict access to sensitive information. Fine-grained access restrictions are critical for the secure usage of the product. Therefore, DeviceExpert provides role-based access control to achieve this. It imports the users and their roles from OpManager.

Access levels:

Access Level (Role): Administrator
Definition: With all privileges to access, edit and push configuration of all devices. Only administrator can add devices to the inventory, add users, assign roles and assign devices. In addition, administrator can approve or reject requests pertaining to configuration upload (pushing configuration) by operators.

Access Level (Role): Operator
Definition: With privileges to access and edit configuration of specified devices. Can send requests for configuration upload (pushing configuration) to Administrators.

This section explains how to create users and assign roles for them.

User Management

User management operations such as adding new users and assigning them roles, editing existing users and deleting users can be performed only by Administrators, from OpManager. Other types of users do not have this privilege.

Administrators can create as many users as required and define appropriate roles for each user. In DeviceExpert, an Administrator login can only view the list of existing users.

To view the existing list of users

Adding New Users

You can add new users from OpManager.

To modify the Email-id of existing Users

Privileges for Configuration and other Operations

The following table explains the privileges associated with each access level for performing various device configuration operations:



Access Level
Configuration & Other Operations
Device Addition
Upload (Pushing configuration into the device)
Authority for approving various requests
Compliance
Admin Operations
User Management

Administrator: (create, associate compliance policies)

Operator: (only for authorized devices, subject to approval by administrator)

Approving Configuration Upload Requests

Only Administrators have the absolute privilege to perform all configuration operations. Other users in the hierarchy have restricted privileges.

Any operation that involves pushing configuration into the device (upload) requires the approval of Administrators. When operators perform any such upload operation, a request is filed for approval by the Administrators. An email notification regarding the request is also sent to the designated Administrators. The Administrators evaluate the request and have the privilege to approve or reject it. If the request is approved, the upload operation requested by the user gets executed.

To approve/reject a request,

[Operators can view the status of their request by following the above procedure].

 

Note:

  1. When Administrators approve an upload that is scheduled to be executed at periodic intervals, the following will be the behaviour:

    Once approved, the upload schedule will not be sent for re-approval during subsequent executions. For example, consider a schedule created by an operator to upload configuration at a periodic interval of one hour. In this case, the schedule is submitted for approval only once. If the administrator approves it, it will get executed every hour. From the second scheduled execution onwards, it will not be sent for approval each time.

  2. If the Administrator rejects an upload request based on a schedule, the respective request will be deleted from the database.
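
The approval rules described in this section and in the note above, modelled as an added example. This is not DeviceExpert code: every class, field and function name is hypothetical, and keeping a rejected one-time request in the queue is an assumption the page does not state.

```python
# Added illustration of the approval rules on this page; not DeviceExpert code.
# All class, field and function names are hypothetical.
from dataclasses import dataclass, field

ADMIN, OPERATOR = "Administrator", "Operator"

@dataclass
class User:
    name: str
    role: str
    devices: set = field(default_factory=set)  # devices assigned to an operator

@dataclass
class UploadRequest:
    requester: User
    device: str
    scheduled: bool = False  # True for an upload that runs at periodic intervals
    status: str = "PENDING"

class ApprovalQueue:
    def __init__(self):
        self.requests = []  # stands in for the request database
        self.pushed = []    # devices that actually received a push

    def submit(self, operator, device, scheduled=False):
        # Operators may only request uploads for devices assigned to them.
        if operator.role != OPERATOR or device not in operator.devices:
            raise PermissionError(f"{operator.name} may not request upload to {device}")
        req = UploadRequest(operator, device, scheduled)
        self.requests.append(req)
        return req

    def decide(self, user, req, approve):
        # Only an Administrator can approve or reject a request.
        if user.role != ADMIN:
            raise PermissionError("only Administrators approve or reject requests")
        req.status = "APPROVED" if approve else "REJECTED"
        if not approve and req.scheduled:
            self.requests.remove(req)  # rejected schedule is deleted from the database
        # Assumption: a rejected one-time request stays queryable as REJECTED.

    def run(self, req):
        # One execution of the upload; a schedule calls this at every interval.
        # Approval is checked, but never requested again after the first decision.
        if req not in self.requests or req.status != "APPROVED":
            return False
        self.pushed.append(req.device)
        return True
```

In the model, `run` on an approved schedule succeeds at every interval without a further decision, which is the behaviour the note describes.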

 

 

Copyright © 2012, ZOHO Corp. All Rights Reserved.