Citrix Systems Network Router NETSCALER 9.3 User Manual

NetScaler host name

ns01.example.net

N/A

User accounts

johnd, mariar, and
michaelb

John Doe, IT manager,
Maria Ramirez, IT
administrator and Michael
Baldrock, IT administrator.

Groups

Managers and SysOps

All managers and all IT
administrators.

Command Policies

read_all, modify_lb, and
modify_all

Allow complete read-only
access, Allow modify
access to load balancing,
and Allow complete
modify access.

The following description walks you through the process of creating a complete set of
user accounts, groups, and command policies on the NetScaler appliance named
ns01.example.net.

The description includes procedures for binding the appropriate user accounts and
groups to one another, and binding appropriate command policies to the user accounts
and groups.

This example illustrates how you can use prioritization to grant precise access and
privileges to each user in the IT department.

The example assumes that initial installation and configuration have already been
performed on the NetScaler.

1. Use the procedure described in 

 on page 22 to create

user accounts johnd, mariar, and michaelb.

2. Use the procedure described in 

 on page 24 to create user

groups Managers and SysOps, and then bind the users mariar and michaelb to the
SysOps group and the user johnd to the Managers group.

3. Use the procedure described in 

 on page 28 to

create the following command policies:

• read_all with action Allow and command spec "(^show\s+(?!system)(?!ns ns.conf)

(?!ns runningConfig).*)|(^stat.*)"

• modify_lb with action as Allow and the command spec "^set\s+lb\s+.*$"

• modify_all with action as Allow and the command spec "^\S+\s+(?!system).*"

Chapter 1

 Authentication and Authorization

36