Overview
This article defines the permission types that you can enable across the system or on specific device groups to set up a delegated administration environment.
Information
Permission Types
You can assign the following permission types to roles that you create in the Administrator Console:
-
Global (server-wide): Permission to manage a particular area of functionality across the
entire Surveyor deployment. -
Group level: Permission to perform specified management tasks on selected groups.
For example, a Policy Administrator role might be granted permission to create and edit policies across the system, but not to apply policies to devices. A Help Desk role might have permission only to change the power state of devices in specific groups.
Global Permissions
In the Administrator Console, you can grant administrative permissions across the entire Surveyor deployment.
- Manage group assignment rules: Permission to create, modify, or delete the group assignment rules and conditions, which are designed to move devices from one location in the organizational tree to another.
- Manage power estimates for summarization: Permission to edit the watt draw values on the Device Power Draws page and also to summarize data used for reports. Global permissions can effectively expand a role's access to some group-level tasks.
Caution: Global permissions grant access to the selected area over the entire Surveyor deployment. If you have these permissions, consider changes carefully and only after you have a clear understanding of how those changes will affect existing policies and devices.
Group Permissions
The table below describes the levels of access that you can allow on specific groups.
Note: Permissions that you enable on a group are inherited on all of its subgroups.
Effective Permissions
If a user is a member of multiple roles, the effective permissions that the user has on a group are the set that provides the highest level of access. This is true whether the role is given permissions directly on the group or indirectly through inheritance from an ancestor group.
Additionally, having global permissions for an area can effectively expand group-level permissions. Enabling global permissions set gives access to create rules that move any device to any location in the organizational tree.
Comments
0 comments
Article is closed for comments.