Role-based_Administration
Using role-based administration helps reduce management effort and complexity with regards to the OfficeScan infrastructure and is especially helpful for companies with a robust Active Directory structure.
Role-based administration gives administrators the ability to assign specific privileges to users and to present the user with only the tools and permissions necessary to perform specific tasks. Administrators can delegate tasks to sub-domains and users can perform specific tasks without the interference of root domains to avoid conflict with tasks. Since users will only have to look at screens related to their task, they can then focus on their tasks or responsibilities.
Active Directory integration enables logging on to the OfficeScan Web console using Active Directory accounts. Each Active Directory account will have specific roles and each role can be granted several types of permissions.
A user role can be granted three types of permissions: >>>
Each user role will get the default OfficeScan domain settings if the role was imported from another OfficeScan server. The imported role will retain the permissions for the global menu items. However each domain will have to reconfigure the client management menu items and restructure the domain permissions.
Menu Items for Servers/Clients: Specify which menu items for managing the OfficeScan server and clients all users can see or configure, regardless of selected domains. This role should have the necessary permissions on the OfficeScan root directory to ensure that the view and configure options can be enabled. Only users with privileges to manage all domains can configure permissions.
Available menu items for servers/clients |
|
View |
Configure |
Scan Now for All Domains
|
Disabled by default |
Disabled by default |
Networked Computers
|
Enable/Disable |
Disabled by default |
Smart Protection
|
Enable/Disable |
Disabled by default |
Updates
|
Enable/Disable |
Disabled by default |
Logs
|
Enable/Disable |
Disabled by default |
Cisco NAC
|
Enable/Disable |
Disabled by default |
Notifications
|
Enable/Disable |
Disabled by default |
Administrations
|
Enable/Disable |
Disabled by default |
Tools
|
Enable/Disable |
Disabled by default |
Plug-in Manager
|
Disabled by default |
Disabled by default |
Menu Items for Managed Domains: Specify menu items that users with the necessary permissions for domains can see or configure.
Available menu items for managed domains |
|
View |
Configure |
Summary
|
Enabled by default |
N/A |
Security Compliance
|
Disabled by default |
Enable/Disable |
Networked Computers
|
Enable/Disable |
Enable/Disable |
Updates
|
Enable/Disable |
Enable/Disable |
Logs
|
Enable/Disable |
Enable/Disable |
Notifications
|
Enable/Disable |
Enable/Disable |
Client Management Menu Items: Specify client management tree drop-down menu items that can be seen or configured for each domain on the OfficeScan client tree.
Available menu items from the Client Management screen |
|
View |
Configure |
Status |
Enabled by default |
Enable/Disable |
Tasks
|
Enable/Disable |
Enable/Disable |
Settings
|
Disabled by default:
Others: Enable/Disable |
Enabled by default:
Others:
|
Logs
|
Enable/Disable |
Disabled by default:
Others:
|
Manage Client Tree
|
Disabled by default |
Enable/Disable |
Export |
Disabled by default |
Enabled by default |
Role-based administration involves the following tasks: >>>
Define user roles. Refer to User Roles.
Specify the domains this role can configure or view.
Specify the role permissions.
Configure user accounts and assign a particular role to each user. Refer to User Accounts.
View Web console activities for all users from the System Events Logs. The following activities are logged:
Logging on to the console
Password modification
Logging off from the console
Session timeout (user automatically gets logged off)
See also: