Command Center manages multiple numbers of devices along with multiple types of devices. In these kinds of scenarios, there is always a requirement for defined access to different users. Authorizing users to specific devices ensures clean segregation of access and responsibilities assigned to those users. Command Center brings this level of authorization just with the function of defining Groups for the users.
Till now we have just talked about segregation of users to specific devices. Command Center goes one step further and defines access with respect to specific NetScaler entities as well. With this, two users will be able to access same device but will have different views on their Command Center setup. This is because; they will be able to see only those vservers and services on that device which are authorized to them!
All of this can be done by just defining a Group for the users on the Command Center setup.
Now, let’s walk through the process of enabling this functionality on Command Center:
- Go to Administration tab on Command Center GUI and click Groups
- Click Add Group
- Enter a Group Name
(Note: You can browse a group name if you have selected Active Directory as the authentication server)
- Tick the check box for functionalities you want the users to have access to. In this case we have only given access to Configuration tab functionality.
(Note: Note that whenever you select any of these functionalities, the user will always have a read level access to Certificate Management, Change Management, Device Operation and Monitoring)
- Click OK.
- Click on the defined group
- Click on Assign User and select the users you want in the group
(Note: before this step ensure that you have created the users under Administration >> Security >> Users)
- Now that you have users defined for this group, click on Advanced Settings.
- Select the desired Property Name and Property Value. In this case we have selected as shown below.
With this selection, the users in this group will only be able to see 10.102.60.5 device on the CC Dashboard and only 10.102.60.5 Events & Alarms under Faults. With this they will only be able to view ns-server-certificate SSL certificate under Certificate Management. They will only be able view appfw custom task under Configuration. And they will only be able to see v1 vserver and s1 service under Monitoring tab.
(Note: To add multiple Property Name‘s, you just need to click on More, mentioned on the left side of the window)
- Click OK.
With these simple steps you have enabled a sleek, sharp and intelligent Authorization setup in your deployment just by creating a group with advanced settings!