Juniper NETWORK AND SECURITY MANAGER 2010.4 - CONFIGURING INFRANET CONTROLLER GUIDE REV 01 Manual page 74

NSM Infranet Controller Configuration Guide
56
Table 10: Administrator Role Configuration for Delegation (continued)
Option Function
Access Specifies which user role
pages the delegated
administrator can manage.
Users > Role > Delegate As Read-Only Role
Administrator Allows the administrator to
can view (but view the user roles, but not
not modify) ALL manage.
roles
Users > Realms > Delegate User Realms
Administrators Specifies whether the
can manage administrator can manage
ALL realms all user authentication
realms
Access Specifies which user
authentication realms pages
that the delegated
administrator can manage.
Users > Realms > Delegate As Read-Only Realms
Administrator Allows the administrator to
can view (but view the user authentication
not modify) ALL realms, but not modify.
realms
Your Action
Select Write All to specify that members of
the administrator role can modify all user
role pages.
Select Custom Settings to allow you to pick
and choose administrator privileges (Deny,
Read, or Write) for the individual user role
pages.
Select the user roles that you want to allow the
administrator to view.
NOTE: If you specify both write access and
read-only access for a feature, the Infranet
Controller grants the most permissive access.
For example, if you select the Administrators
can manage ALL roles check box under
Delegate User Roles, and then select the Users
role on the Delegate As Read-Only Roles page
then the Infranet Controller allows the
delegated administrator role full management
privileges to the Users role.
Select the user realm. If you only want to allow
the administrator role to manage selected
realms, select those realms in the
Non-members list and click Add to move it to
the Members list.
Select Write All to specify that members of
the administrator role can modify all user
authentication realm pages.
Select Custom Settings to allow you to pick
and choose administrator privileges (Deny,
Read, or Write) for the individual user
authentication realm pages.
Select the user authentication realms that you
want to allow the administrator to view.
NOTE: If you specify both write access and
read-only access for an authentication realm
page, the Infranet Controller grants the most
permissive access. For example, if you select
the Administrators can manage ALL realms
check box under Delegate User Realms, and
then select the Users role on the Delegate As
Read-Only Realms page, then the Infranet
Controller allows the delegated administrator
role full management privileges to the Users
realm.
Copyright © 2010, Juniper Networks, Inc.