Views:
User groups align user capabilities with functional areas on the SMS. A user group pairs a role with resources that group members can access.
The SMS uses one predefined group named superuser. This group includes the superuser role, and provides access to all SMS features and functionality. Give careful scrutiny before you assign users to this group. In a typical new installation, you must create a new user group to specify access rights for users who do not have superuser privileges.
Any user account that logs on to the SMS must be assigned to at least one user group, because a user account must have a New Resource Group.

Procedure

  1. Select AdminAuthentication and AuthorizationGroups.
  2. Click New, or select an existing user group and click Edit.
  3. Select Name & Description, and provide the following:
    • Group name
    • Role – Select an existing role, create a new role, or select a role and edit the role capabilities. The role assigned to a group specifies the rights to execute the capabilities to manage the group resources, such as devices and profiles. When you assign a role, keep in mind that you cannot modify predefined system roles. If you edit role capabilities for a user role, changes are saved to the role, not just to the group. Learn more: Create or edit a user role.
    • Group description
  4. Select Devices to define the list of devices, device groups, and stacks the user will have permission to access.
  5. Select Segment Groups to define the list of segment groups the user will have permission to access.
  6. Select Profiles to define the list of profiles the user will have permission to access.
  7. Select DV Toolkit Packages to define the list of DV Toolkit packages the user will have permission to access.
  8. Select Action Sets to define the list of action sets the user will have permission to access.
  9. Select Reports to define the list of reports the user will have permission to access.
  10. Select SSL Servers to define the list of SSL servers the user will have permission to access.
  11. Select SSL Client Proxies to define the list of SSL client proxies the user will have permission to access.
  12. Select SSL Client Decryption Rules to specify which SSL client decryption rules the user will have permission to access.
  13. Select Active Directory Group Mapping if Active Directory authentication is configured for the SMS, users may be authorized through a mapped AD group.
    • Map this group to the same named group in active directory.
    • Map this group to a specific active directory group, and then specify the group name by entering the user group without entering the fully qualified distinguished name. Click Test to test the mapping.
  14. Select RADIUS Group Mapping if RADIUS authentication is configured for the SMS, users may be authorized through a mapped RADIUS group.
    • Map this group to the same named group in RADIUS.
    • Map this group to a specific RADIUS group, and then specify the group name by entering the user group without entering the fully qualified distinguished name.
  15. Click Finish.