Network and Security Manager Administration Guide
Assigning and Viewing Custom Roles
Configuring a User Activity in a Custom Role
88
Table 17: Changes to Edit Devices, Device Groups, & Templates
Activity (continued)
Activity
Get Entitlement from Entitlement
Server
Check Config Sync Status
Intranet Controller Operations
In Release 2005.3, the View Devices, Device Groups, & Templates activity no longer
allows permission to run the directive listed in Table 18 on page 88. Use the Device Site
Survey activity instead.
Table 18: Changes to View Devices, Device Groups, & Templates Role
Activity
Directives
Device Site Survey
Site Survey
When you create an administrator, you can assign a custom role just as you would a
default role. However, you cannot assign an activity or role that you do not possess to
another administrator (the activity or role is not visible in the list of available activities or
roles).
Within a domain, you can view only the custom roles that you have created or that have
been assigned to you. You cannot view custom roles created by other administrators,
even if the role is in the same domain and includes the same activities already assigned
to you.
Role-based administration enables you to use filters to fine-tune the permissions on the
"Edit Devices, Device Groups, & Templates" and "View Devices, Device Groups, &
Templates" activities. These filters include:
Routing Configuration (for ScreenOS/IDP devices)—Allows editing of the routing
configuration from ScreenOS/IDP devices, which includes the virtual router, routing
configuration on the interface, and policy-based routing (PBR).
IDP Policy Configuration (for EX Series switches)—Allows editing of policy configuration
of EX Series switches in the device itself.
Directives
Get Entitlement from Entitlement Server
Check Config Sync
Connect To Intranet Controller
Disconnect From Intranet Controller
Copyright © 2010, Juniper Networks, Inc.