A3 Online Help

Admin Access

Menu path: Configuration > System Configuration > Admin Access.

This page lists administrative users and the roles that they can play in A3 administration.

The general format and usage of this page is discussed in General GUI Usage.

The Admin Roles page lists the defined roles. Three roles are predefined:

Node (Client )Manager
User Manager
Security Event Manager

A new admin access role can be created through a specific CLONE button or the new admin role icon button. Three tabs are used to define new admin roles:

General
User options
Client Options

General

The New Admin Role page contains the following fields:


Field	Usage	Example
Name	The name of the role.	User Manager
Description	A description of the role.	Manages all user activities
Actions	At least one action is required, and can be selected from the drop-down list described in Admin Roles below. A role in the list can be deleted with the button. A new role can be added after a current item with the button.	Admin Roles - CreateAdmin Roles - DeleteAdmin Roles - ReadAdmin Roles - Update

Admin Roles

The assignable admin actions are:

Category	Operations
Admin Roles	Create, Delete, Read, Update
Auditing	Read
Billing Tiers	Create, Delete, Read, Update
CERTIFICATE	CERTIFICATE_UPDATE
Main Configuration	Read, Update
Connection Profiles	Create, Delete, Read, Update
Device Registration	Create, Delete, Read, Update
DHCP Option 82 Log	Read
RADIUS Domains	Create, Delete, Read, Update
Filter Engines	Read, Update
Fingerbank	Create, Delete, Read, Update
Firewall SSO	Create, Delete, Read, Update
Floating Devices	Create, Delete, Read, Update
Interfaces	Create, Delete, Read, Update
MAC Addresses	Read, Update
MSE	Read
Nodes (Clients)	Create, Delete, Read, Update
Syslog Parsers	Create, Delete, Read, Update
PFMON	Read, Update
PKI Providers	Create, Delete, Read, Update
Portal Modules	Create, Delete, Read, Update
Provisioning	Create, Delete, Read, Update
RADIUS Audit Log	Read
RADIUS Realms	Create, Delete, Read, Update
Reports	Reports
Scan Engines	Create, Delete, Read, Update
Security Events	Create, Delete, Read, Update
Services	Services
Switches	Create, Delete, Read, Update
Switches CLI	Read, Write
Syslog	Create, Delete, Read, Update
System	Create, Delete, Read, Update
TOOLS	TOOLS_READ
Traffic Shaping	Create, Delete, Read, Update
Users	Read, Read Sponsored, Create, Create Multiple, Update, Delete, Set Role, Set Access Duration, Set Unreg Date, Set Access Level, Set Tenant ID, Mark as Sponsor, Set Time Balance, Set Bandwidth Balance
Users - Create Overwrite	Create Overwrite
Users Roles	Create, Delete, Read, Update
Users Sources	Create, Delete, Read, Update
Security events	Create, Delete, Read, Update
WMI Rules	Create, Delete, Read, Update
WRIX	Create, Delete, Read, Update

User Options

The options in this category related to user privileges that the administrator role has access to:

Field	Usage	Example
Allowed User Access Levels	The list of access levels that are available to the admin user. If no elements are listed, then all access levels are available. The options available are: User Manager - able to manage A3 users via the top-level Users menu. NONE - all admin privileges are removed. ALL - all admin privileges are enabled. Security Event Manager - able to manage security events (trigger, open, close) for the clients. ALL_PF_ONLY - all admin rights related to deployment, excluding switch login rights. Node (Client) manager - able to manage A3 nodes via the top-level Clients menu.	ALL
Allowed user roles	The list of roles available to the admin user to assign to a user. The list of roles is the same as provided in the Roles interface. If no elements are listed, then all access levels are available.	guest employee
Allowed User Access Durations	A comma separated list of user access durations available to the admin user to assign to a user. If the list is empty, the default access durations are used.	12h
Maximum Allowed Unregistration Date	The maximum unregistration date that can be set, in the format yyyy-mm-dd. If empty, there is no limit.	2020-12-31
Allowed actions	The set of allowed actions allowed by the admin user. The choices are: mark_as_sponsor set_bandwidth_balance set_time_balance set_role set_unreg_date set_access_duration set_access_level set_tenant_id If the list is empty, then all actions are permitted.

Field

Usage

Example

Allowed User Access Levels

The list of access levels that are available to the admin user. If no elements are listed, then all access levels are available. The options available are:

User Manager - able to manage A3 users via the top-level Users menu.
NONE - all admin privileges are removed.
ALL - all admin privileges are enabled.
Security Event Manager - able to manage security events (trigger, open, close) for the clients.
ALL_PF_ONLY - all admin rights related to deployment, excluding switch login rights.
Node (Client) manager - able to manage A3 nodes via the top-level Clients menu.

ALL

Allowed user roles

The list of roles available to the admin user to assign to a user. The list of roles is the same as provided in the Roles interface. If no elements are listed, then all access levels are available.

guest employee

Allowed User Access Durations

A comma separated list of user access durations available to the admin user to assign to a user. If the list is empty, the default access durations are used.

12h

Maximum Allowed Unregistration Date

The maximum unregistration date that can be set, in the format yyyy-mm-dd. If empty, there is no limit.

2020-12-31

Allowed actions

The set of allowed actions allowed by the admin user. The choices are:

mark_as_sponsor
set_bandwidth_balance
set_time_balance
set_role
set_unreg_date
set_access_duration
set_access_level
set_tenant_id

If the list is empty, then all actions are permitted.

Client Options

The options in this category related to client definitions that the administrator role has access to:

Field	Usage	Example
Allowed Client Roles	The list of roles available to the admin user to assign to a client. The list of roles is the same as provided in the Roles interface. If no elements are listed, then all access levels are available.

Field

Usage

Example

Allowed Client Roles

The list of roles available to the admin user to assign to a client. The list of roles is the same as provided in the Roles interface. If no elements are listed, then all access levels are available.