Page tree

Contents

You can restrict access to the TFTP, HTTP and FTP services provided by the appliance. By default, the appliance denies access to the TFTP, HTTP and FTP services, unless an admin group has their administrative permissions defined.
You can grant read-only or read/write permission, or deny access to the following resources:

  • Grid File Distribution Properties—Applies to the Grid and its members, directories, and files. You can set this from the Administrators perspective only.
  • Member File Distribution Properties—Applies to the Grid member properties only.
  • A specific directory—Applies to the directory and its files.

For information on setting permissions, see Applying Permissions and Managing Overlaps. The following table lists the tasks admins can perform and the required permissions for file distribution services.

Table 4.26 Permissions for File Distribution Services

Tasks

Grid File Distribution Properties

Member Distribution Properties

Specific Directory

Create and remove directories and files

RW



Modify the Grid and member file distribution properties

RW



View the Grid and member file distribution properties, directories, and files

RO



Modify the member file distribution properties


RW


View the member file distribution properties


RO


Add and delete a directory, subdirectories, and files in the directory



RW

View a directory and its subdirectories and files



RO


Administrative Permissions for Dashboard Tasks
Limited-access admin groups can configure IPAM tasks on the Tasks Dashboard only if their administrative permissions are defined. The appliance denies access to IPAM tasks for which an admin group does not have defined permissions.
You can grant read-only or read/write permission, or deny access to IPAM tasks as follows:

  • All IPAM tasks on the Tasks Dashboard
  • A specific IPAM task






Tasks

All Dashboard Tasks

Add Networks

Add Hosts

Add Fixed Addresses

Add CNAME Record

Add TXT Record

Add MX Record

Configure all tasks in the IPAM task pack

RO RW







Configure the Add Networks task


RO RW






Configure the Add Hosts task



RO RW





Configure the Add Fixed Addresses task




RO RW




Configure the Add CNAME Record task





RO RW



Configure the Add TXT Record task






RO RW


Configure the Add MX Record task







RO RW


Administrative Permissions for Certificate Authentication Services and CA Certificates
Limited-access admins can configure certificate authentication services and CA certificates only if their administrative roles and permissions are defined. If you want to allow admins to configure two-factor authentication, you can assign the PKI Admin role to limited-access admins or grant them read/write permissions to the following:

  • All certificate authentication services
  • All CA Certificates

For information about setting permissions, see Applying Permissions and Managing Overlaps. The following table lists the admin tasks and required permissions for configuring certificate authentication services and managing CA certificates.

Table 4.28 Administration Permissions









Tasks

Grid Member(s)

All Certificate Authentication Services

All CA Certificates




Create, modify, and delete certificate authentication services


RW





Create, modify, and delete CA certificates

RW


RW




  • No labels

This page has no comments.