Table of Contents
Advertisement
Network and Security Manager Administration Guide
Creating Custom Roles
74
The user is defined in domain "global" but has access to subdomains only. The user is a
"Domain Administrator" in subdomain "d1," but has a custom role r1 for subdomain "d2."
Configuring Roles
To assign a role to the new administrator, select the Permissions tab and choose a role
for the new administrator. When you assign a role to an NSM administrator, the
administrator can perform the predefined system activities specified in that role.
You can select a default or custom role for that administrator. NSM includes default roles
for common job responsibilities:
Domain Administrator—Can perform all activities in the domain.
Read-Only Domain Administrator—Can perform all read-only activities in the domain.
IDP Administrator—Can perform all IDP activities. All other activities are excluded.
Read-Only IDP Administrator—Can perform all read-only IDP activities.
System Administrator—Can perform all system-wide activities, Domain Administrator
activities, and IDP Administrator activities.
Read-Only System Administrator—Can perform all read-only system-wide activities
and Domain Administrator activities.
Each default role contains activities that relate to the traditional responsibilities for a
specific job title. Use a default role to create quickly an NSM administrator or to create
administrators when your organization's existing permission structure maps closely to
the permissions defined in the default role.
All roles, default and custom, are created from activities. In a default role, the activities
are chosen for you; in a custom role, you choose the activities that make up the desired
functionality. See "Creating Custom Roles" on page 74 for details.
NOTE: Role assignment is additive. When you assign multiple roles to a single
administrator, the permissions specified by the activities in the role are added.
You must also select a domain. You can assign administrators to the global domain, or
to one or more subdomains (the subdomain must already exist). Administrators must
log in to the domain they were created in. For example, the super administrator has access
to all domains, but must log in to the global domain first, and then switch to a subdomain
using the domain menu. For details on creating a subdomain, see "Creating Subdomains"
on page 90.
For more complex and diverse permissions requirements, create custom roles to specify
the exact level of permission you want to give an administrator. An activity is a predefined
task that defines access to a function in NSM. To assign one or more activities to an NSM
administrator, create a role that includes those activities and assign the role to the
administrator.
Copyright © 2010, Juniper Networks, Inc.
Advertisement
Table of Contents
