Table of Contents
Advertisement
Assigning and Viewing Custom Roles
Configuring a User Activity in a Custom Role
Viewing Logged Administrators
Copyright © 2010, Juniper Networks, Inc.
When you create an administrator, you can assign a custom role just as you would a
default role. However, you cannot assign an activity or role that you do not possess to
another administrator (the activity or role is not visible in the list of available activities or
roles).
Within a domain, you can view only the custom roles that you have created or that have
been assigned to you. You cannot view custom roles created by other administrators,
even if the role is in the same domain and includes the same activities already assigned
to you.
Role-based administration enables you to use filters to fine-tune the permissions on the
"Edit Devices, Device Groups, & Templates" and "View Devices, Device Groups, &
Templates" activities. These filters include:
Routing Configuration (for ScreenOS/IDP devices)—Allows editing of the routing
configuration from ScreenOS/IDP devices, which includes the virtual router, routing
configuration on the interface, and policy-based routing (PBR).
IDP Policy Configuration (for EX Series switches)—Allows editing of policy configuration
of EX Series switches in the device itself.
Firewall Rulebase Configuration (for Junos devices that support central policy
management)—Allows editing of the policy configuration of J Series routers or SRX
Series gateways in the Central Policy Manager of NSM.
Remaining Configuration—Allows editing of all device configurations, except the routing
configuration for ScreenOS/IDP devices and policy configuration for EX Series switches.
To edit the filter configuration:
From the menu bar, click Tools > Manage Administrators and Domains.
1.
In the RBA settings of NSM, select the Roles tab.
2.
In the Roles dialog box, click the Edit icon to edit an existing custom role or click the
3.
Add icon to create a new role. You can also edit the filter configuration while creating
a new role.
In the activities listed, click the Edit Devices, Device Groups, & Templates link. The
4.
Filter Configuration dialog box appears with a list of filters. By default, all filters of the
activity are enabled.
Disable the filters that are not required and click OK.
5.
NSM lets you view information associated with all the administrators currently logged
into the system. This information includes the following columns:
Chapter 3: Configuring Role-Based Administration
89
Advertisement
Table of Contents
Need help?
Do you have a question about the NETWORK AND SECURITY MANAGER 2010.4 - ADMININISTRATION GUIDE REV1 and is the answer not in the manual?
Questions and answers