6.5.2.Role details
Based on availability, a role can be:
- System level role – which is available for all tenants in the system; the grid’s “Tenant name” column contains “All tenants”;
- Tenant level role – which is available only for the selected tenant; the grid’s “Tenant name” column contains the name of the selected tenant
- System level permissions – Allow to manage the system settings, (Manage system: “All allowed”); all tenants (Manage tenant: “All allowed”) or specific tenants in the system (Manage tenant: “Specific allowed”), and to manage users and roles in the system. If the “Manage tenant” is specific in the role, then the given role will be available for a specific tenant only. Only a user with “Manage system” and/or “Manage tenant” permissions has got the right to log in to the Central Administration.
- Tenant level permissions – Allow to manage all jobs/repository items/schedulers (“All allowed”), and/or to manage only specific jobs/repository items/schedulers (“Specific allowed”) of the selected tenants.
Note: The Edit, Delete and + new options on the Schedulers, Jobs, Storages, Databases, Aliases, Retentions, Shortcuts and Exchange connections pages/context menus are enabled based on the permissions defined in the Role details. If the logged in user has got the Edit “All allowed” permission on the repository item and/or job and/or scheduler on the assigned tenant, and also has the Manage users and roles permission, then he can manage access to the selected object(s) on this tenant.
- Permissions to manage the respective plugins of the selected tenant(s) – Allow to manage all or specific plugins (email archive, file archive, SharePoint archive plugins etc.) on all tenants if Manage tenant is “All allowed” and you assign this role to user on all tenants.; allow to manage all or specific plugins of the selected tenant if Manage tenant is “Specific allowed”.
The role’s availability is set in the Role details window, when creating it:
A role is a collection of permissions that will be assigned for the user when associating the given role with him. The permissions can be divided into certain permission groups:
Warning: Manage system permission does not allow to manage the entire system. A user with this permission has access to client applications settings, system-,license-,notification-, cluster-, login provider settings and to set the notification scheduler. Such a user cannot create tenants or databases, this requires to have Manage tenants permission.
Note: Roles with Manage system and/or Manage tenant permissions cannot be assigned automatically (by contentACCESS email and file archive provisioning job).
Note: If the Manage users and roles permission is not assigned to a tenant administrator, then this tenant administrator will be able only to view the roles on the Roles page.
When you move your mouse over the question mark in the Role details dialog, the permission description gets displayed in a tooltip. Select the permissions that you want to assign for an already existing or for a newly created contentACCESS user, name your role, and save it.
Help Guide Powered by Documentor