Creating and Managing User Roles¶
Management Console allows the creation and management of user roles. Roles are created with a set of permissions that allow the administrator to configure which Management Console pages are accessible as well as what options within each page that are enabled. Each role can be finely tuned to a set of permissions that limit the access users have to configurable options within Management Console.
Default roles for users are applied to users depending on where the user is created.
-
Management Console created users obtain the System Administrator role.
-
IDP created users obtain the Administrator role by default. Management Console System Administrators can subsequently change this users role.
-
Active Directory users can have roles assigned to them from roles assigned to there AD Groups.
Unlicensed Management Console
The DELETE and EDIT buttons are deactivated on unlicensed versions of Management Console.
The SET PERMISSIONS allow each Management Console page to be made available for use by the role. Permissions of Show and Hide can be set for each page. Once the SET PERMISSION is selected, the Detail Permissions become viewable and represent the configurable options within each Management Console page. Detailed permissions can be set to Enable, Disable or Hide.
When managing a new role, take the time to plan your administrative structure for PCoIP endpoints. If your organization requires changes to existing roles, you can easily do this by using the EDIT button and changing the permissions of each role. If role permissions are changed while a user of the role is logged in, the permissions take affect right away and will be seen when the user refreshes the Management Console page.
Active Directory Groups
Creating a User Role¶
To create a user role, perform the following steps:
-
From the SETTINGS > AUTHENTICATION page, click the ROLES AND PERMISSIONS tab.
-
Click ADD.
-
Enter the Role Name (no spaces allowed) and then select the set of permissions specific to that role.
-
Click SAVE.
The newly created role will now be available to assign to any Management Console user.
Deleting Roles
Roles cannot be deleted if a user is associated with that role. You can only delete multiple roles at once if all the selected roles for deletion do not have a user associated with it.
Resetting User Roles¶
Administrators can reset user roles using the provided script in the scripts folder located at /opt/teradici/scripts. This may be required when a role is limiting users to a Management Console feature. Running of the script will provide full Management Console access back to the specific user role. Allow a few minutes for Management Console to reboot.
To reset a user role to provide full access
-
Browse to /opt/teradici/scripts and type the command:
sh reset_user_role.sh <userName>
Available role permissions
SET PERMISSION (Show or Hide) |
Detailed Permissions (Show, Hide, Enable, Disable or Hide) |
---|---|
ENDPOINTS | Permissions with Show or Hide Permissions with Enable, Disable or Hide
|
PROFILE | Permissions with Enable, Disable or Hide
|
SCHEDULE | Permissions with Show or Hide
|
ENDPOINT CERTIFICATES | Permissions with Enable, Disable or Hide
|
AUTO CONFIGURATION | Permissions with Enable, Disable or Hide
|
SETTINGS | N/A |