Print Download Documentation Send Feedback

Previous

Next

Multi-Domain Permission Profile

What can I do here?

Use this window to configure Multi-Domain Permission Profiles.

Getting Here

Getting Here - SmartConsole for Multi-Domain Server > Multi Domain > Permissions and Administrators > Permission Profiles > New > Multi-Domain Permission Profile

Predefined Multi-Domain Permission Profiles

Multi-Domain Security Management includes predefined Multi-Domain and Domain permission profiles that are ready to use. You cannot delete or change these profiles. You can create custom permission profiles as necessary for your environment.

These are the predefined Multi-Domain permission profiles available in this release. In the Permissions Profile view, double-click each profile to see the permissions it includes:

Permission Profile

Permissions

Multi-Domain Superuser

 

Manage all elements of the Multi-Domain Security Management environment, including: Multi-Domain Servers, Multi-Domain Log Servers, Domains, Domain Management Servers, Global Policies, administrators and permission profiles. Multi-Domain Superusers manage all Domain objects, including Security Gateways, Policies, rules, networks and other objects.

Domain Superuser

 

Manage all Domains, Domain Management Servers, Domain networks, global objects, and global configurations. They manage Domain objects, including Security Gateways, Policies, rules, networks and other objects.

Domain Superusers can create and manage other administrators, manage other administrators' sessions, and manage permission profiles at the same or lower levels. Domain Superusers cannot create or change the settings for Multi-Domain Servers or Multi-Domain Log Servers.

Global Manager

 

Manage Global Domains, global configurations, global rules, and global assignments. Global Managers can manage Domains, but not add or delete domains or manage Multi-Domain Servers. Global managers can manage administrators with equal or lower permissions.

Global Managers can create new global assignments and can assign Global Policies to Domains that they have permissions to manage.

Domain-Level permissions are based on the assigned Domain permission profile.

Domain Manager

 

Manage Domain Policies, networks and objects based on their permission profile. Domain Managers can manage administrators with equal or lower permissions.

Domain Managers can reassign Global Policies to Domains that they have permissions to manage. They cannot create new global assignments.

Domain-Level permissions are based on the assigned Domain permission profile.

Domain Level Only

 

Manage Domain Policies, networks and objects based on their permission profile. These administrators cannot manage the Multi-Domain Security Management system or its configuration settings, or login to the Multi-Domain Servers.

Domain-Level permissions are based on the assigned Domain permission profile.

Pre-Defined Domain Permission Profiles

When you assign an administrator to Domain, you must also assign a Domain Permission Profile. You can assign a predefined Permission Profile or a custom Permission Profile for this administrator.

Permission Profile

Permissions

Read/Write

Read and write permissions for all Domain settings and data without session management or DLP confidential data. The Read/Write option lets the administrator see and configure an item.

Read Only

Read only permissions for all Domain data. Read Only lets the administrator see an item, but not change it.

Working with Multi-Domain Permission Profiles

Use this procedure to create or change customized Multi-Domain permission profiles. Only administrators with Superuser permissions can do this.

To create a custom permission profile:

  1. Connect to the Multi-Domain Server with SmartConsole, and go to Permissions & Administrators > Permission Profiles.
  2. In the Permission Profile page, click New.
  3. Select New Multi-Domain Permission Profile.
  4. In the New Multi-Domain Permission Profile window, select an administrator role and configure the permission settings. The next section explains the available settings and parameters.

To change an existing Multi-Domain permission profile:

  1. Select a permission profile on the Permission Profiles page.
  2. Click Edit and change the administrator role and permission settings as necessary.

To delete an existing Multi-Domain permission profile:

  1. Select a permission profile on the Permission Profiles page.
  2. Click Delete.

Multi-Domain Permission Profile Parameters

Multi-Domain Levels

Select an administrator role:

The selected role affects the permissions that you can configure in the next parts: Multi Domain Management, Global Management, and Domain Management. For example, Superusers always have Domain Management permissions.

Multi-Domain Management Activities

Enable or disable permissions for these activities:

Global Management Activities

All options are enabled automatically for superusers. Managers can select them.

Domain Management

This profile defines the default Domain permissions that automatically apply when you create a new administrator account. After you create the administrator account, you can change its Domain profile as necessary.

Select a default profile from the list. This option is enabled automatically for superusers, and Managers can optionally select it.

Deleting a Permission Profile

You can only delete customized Permission Profiles.

To delete an existing Permission Profile:

  1. In SmartConsole for Multi-Domain Server, select Multi-Domain > Permission Profiles.
  2. In the Permission Profile window, select a profile and then click Delete.
  3. Click Yes to confirm.