Cisco Cisco Content Security Management Appliance M1070 Mode D'Emploi
11-51
Cisco IronPort AsyncOS 7.2.0 for Security Management User Guide
OL-21768-01
Chapter 11 Common Administrative Tasks
If you use an LDAP directory to authenticate users, you assign directory groups
to user roles instead of individual users. When you assign a directory group to a
user role, each user in that group receives the permissions defined for the user
role. For more information, see
to user roles instead of individual users. When you assign a directory group to a
user role, each user in that group receives the permissions defined for the user
role. For more information, see
Delegating Administration
The Security Management appliance allows you to assign delegated
administration capabilities to users and groups of users so that they can manage
their own policies. This allows users with only custom roles to publish policies to
different Web Security appliances, and gives them the permission to edit or
publish the the custom configuration to different appliances.
administration capabilities to users and groups of users so that they can manage
their own policies. This allows users with only custom roles to publish policies to
different Web Security appliances, and gives them the permission to edit or
publish the the custom configuration to different appliances.
From the Web > Configuration Master > Custom URL Categories page on the
Security Management appliance, you can view the URL categories and policies
that you are allowed to administer and publish. Additionally, you can go to the
Web > Utilities > Publish Configuration Now page and view the possible
configurations.
Security Management appliance, you can view the URL categories and policies
that you are allowed to administer and publish. Additionally, you can go to the
Web > Utilities > Publish Configuration Now page and view the possible
configurations.
Note
Remember that when you create a custom role with Publish Privilege capabilities,
when user logs in, they will not have any usable menus. They do not have the
publish menu and they will land on an non-editable landing screen since the URL
and policy tabs do not have any capabilities. In effect, you have a user that cannot
publish or administer any categories or policies .
when user logs in, they will not have any usable menus. They do not have the
publish menu and they will land on an non-editable landing screen since the URL
and policy tabs do not have any capabilities. In effect, you have a user that cannot
publish or administer any categories or policies .
The workaround to this issue is that if you want a user to be able to publish, but
not to be able to manage any categories or policies, you must create a custom
category which is not used in any policy, and give that user the ability to manage
that custom category along with publishing. In this way, if they add or delete
URLs from that category, it does not affect anything.
To delegate administration by creating and editing custom user roles.
•
•