About Delegating Administrator Roles

The access management system enables you to delegate various management tasks to different administrators through system administrator roles and security administrator roles. System and security administrator roles are defined entities that specify management functions and session properties for administrators who are mapped to those roles. You can customize an administrator role by selecting the feature sets, user roles, authentication realms, resource policies, and resource profiles that members of the administrator role are allowed to view and manage. Note that system administrators may only manage user roles, realms, and resource policies; only security administrators can manage administrator components.

For example, you can create a system administrator role called “Help Desk Administrators” and assign users to this role who are responsible for fielding tier 1 support calls, such as helping users understand why they cannot access a Web application or system page. In order to help with troubleshooting, you may configure settings for the “Help Desk Administrators” role as follows:

Note: In addition to any delegated administrator roles that you may create, the system also includes two basic types of administrators: super administrators (.Administrators role), who can perform any administration task through the admin console, and read-only administrators (.Read-only Administrators role), who can view—but not change—the entire system configuration through the admin console.

You can also create a security administrator role called “Help Desk Manager” and assign users to this role who are responsible for managing the Help Desk Administrators. You might configure settings for the “Help Desk Manager” role to allow the Help Desk Manager to create and delete administrator roles on his own. The Help Desk Manager might create administrator roles that segment responsibilities by functional areas of the system. For example, one administrator role might be responsible for all log monitoring issues. Another might be responsible for all Network Connect problems.

All devices allow members of the .Administrators role to configure general role settings, access management options, and session options for the .Administrators and .Read-Only Administrators roles.

Note: On certain pages, such as the role mapping page, the delegated administrator can view the role names even though the administrator does not have read/write access. However, the delegated administrator cannot view the details of that role.
