Table 16: Predefined Nsm Administrator Activities; Creating Custom Roles - Juniper NETWORK AND SECURITY MANAGER 2010.4 - ADMININISTRATION GUIDE REV1 Administration Manual

Creating Custom Roles

Table 16: Predefined NSM Administrator Activities

Function
Action Attributes
Copyright © 2010, Juniper Networks, Inc.
System Administrator—Can perform all system-wide activities, Domain Administrator
activities, and IDP Administrator activities.
Read-Only System Administrator—Can perform all read-only system-wide activities
and Domain Administrator activities.
Each default role contains activities that relate to the traditional responsibilities for a
specific job title. Use a default role to create quickly an NSM administrator or to create
administrators when your organization's existing permission structure maps closely to
the permissions defined in the default role.
All roles, default and custom, are created from activities. In a default role, the activities
are chosen for you; in a custom role, you choose the activities that make up the desired
functionality. See "Creating Custom Roles" on page 75 for details.
NOTE: Role assignment is additive. When you assign multiple roles to a single
administrator, the permissions specified by the activities in the role are added.
You must also select a domain. You can assign administrators to the global domain, or
to one or more subdomains (the subdomain must already exist). Administrators must
log in to the domain they were created in. For example, the super administrator has access
to all domains, but must log in to the global domain first, and then switch to a subdomain
using the domain menu. For details on creating a subdomain, see "Creating Subdomains"
on page 91.
For more complex and diverse permissions requirements, create custom roles to specify
the exact level of permission you want to give an administrator. An activity is a predefined
task that defines access to a function in NSM. To assign one or more activities to an NSM
administrator, create a role that includes those activities and assign the role to the
administrator.
Some activities are dependant on other activities. If you select a dependant activity, NSM
automatically selects the prerequisite activities. You can clear prerequisite activities from
a custom role, but doing so affects permissions granted in the dependant activity. For
example, if you create a role that includes the activity "Create VPNs", the activities "Edit
VPNs" and "View VPNs" are automatically selected for you.
Click the Add icon to display the New Role dialog box and all available activities. NSM
includes many predefined activities, grouped by similar functionality. See Table 16 on
page 75.
Task Description
View The Action Manager is a node on the main navigation tree that enables
you to configure the management system to forward logs generated
Modify
within a specific domain or subdomain.
Chapter 3: Configuring Role-Based Administration
75