Difference between revisions of "TB/TB-2008-10-DA"
(→Testing) |
m |
||
Line 33: | Line 33: | ||
=== Server Administrator === | === Server Administrator === | ||
− | A Server Administrator can | + | A Server Administrator can add, delete or alter Users, Groups and Resources on the mailnode they are created on. |
+ | |||
=== Available Admin Groups === | === Available Admin Groups === | ||
Revision as of 11:53, 15 October 2008
TB -> TB/TB-2008-10-DA
Delegated Administration
Delegated Administration allows you to delegate certain administrative tasks to specific users. This enables you to:
- better scale your administrative team by giving you an effective way to add more people to it
- increase overall security and stability of your installation by not allowing every Administrator to edit every detail of your installation
- decrease your reaction time by allowing local administrators to perform certain tasks, e.g. create and delete local users
In hosted scenarios it will allow hosting providers to enable their customers to administer themselves. This will free up the provider from day to day management tasks, and again reduce reaction time for the client company as it does not need to wait for the providers support team but can perform the tasks themselves.
Types of Administrators
The following table gives an overview of the available types of administrators:
Mailnote | Full Admin | Admin Groups | Type |
Primary | yes | none | Super Administrator |
Non-Primary | yes | none | Server Administrator |
Primary | no | any | role constrained Server Administrator |
Non-Primary | no | any | role constrained Server Administrator |
Super Administrator
A Super Administrator can use all features provided by SAC.
Server Administrator
A Server Administrator can add, delete or alter Users, Groups and Resources on the mailnode they are created on.
Available Admin Groups
There are four pre-defined Admin Groups available:
- ScalixAdmins
- Any user part of this group can use all features provided by SAC.
- ScalixGroupAdmins
- A user who is part of this group is allowed to create, alter and delete Groups.
- ScalixUserAdmins
- Members of this group can create, alter and delete Users.
- ScalixUserAttributeAdmins
- Membership in this group enables users to edit information on the Contact Info tab for all other users.
Role constrained Super Administrator
A role constrained Super Administrator has access to SAC features based on the groups they are a member of and are allowed to work on the whole system.
Role constrained Server Administrator
A role constrained Server Administrator is also limited in the features they may use, additionally they can only make changes to the mail node they are created on.
Examples
Prerequisites
To be able to create Server Administrator you will need to create at least one additional mailnode besides the primary mailnode.
Testing
After creating the users as described in the following sections you need to login to SAC as the newly created user to see and test the various degrees of delegated administration.
Enable Delegated Administration
To enable the Delegated Administration super switch access Settings > Administration > General via SAC:
- Activate the checkbox next to "Check to enable delegated administration"
- Click Save Changes
Creating a Super Administrator
To create a Super Administrator you need to enable the full admin rights for a user created on the primary mail node. Using SAC follow these steps:
- Access Users
- Click on Create User(s)
- Enter the following information in the new dialog:
- Last Name: superadmin
- Mailnode: Select the primary mail node
- Password: Assign a password
- Click on Finish
- Select the newly created superadmin user in the userlist, and go to the Advanced tab
- Select "Is full administrator"
- Click on Save Changes
Create a Server Administrator
To create a Server Administrator you need to enable the full admin rights for a user created on a Non-Primary mail node. Using SAC follow these steps:
- Access Users
- Click on Create User(s)
- Enter the following information in the new dialog:
- Last Name: acme
- Mailnode: Select the ACME mail node
- Authentication ID: acme@acme.com
- Password: Assign a password
- Click on Finish
- Select the newly created acme user in the userlist, and go to the Advanced tab
- Select "Is full administrator"
- Click on Save Changes
Create a role-constrained Super Administrator
To create a role-constrained Super Administrator you need to enable the full admin rights for a user created on a primary mail node. Using SAC follow these steps:
- Access Users
- Click on Create User(s)
- Enter the following information in the new dialog:
- First Name: Group
- Last Name: Admin
- Mailnode: Select the primary mail node
- Password: Assign a password
- Click on Next twice
- In the Group Membership tab, select ScalixGroupAdmins
- Click on Finish
Create a role-constrained Server Administrator
To create a Server Administrator you need to enable the full admin rights for a user created on a Non-Primary mail node. Using SAC follow these steps:
- Access Users
- Click on Create User(s)
- Enter the following information in the new dialog:
- First Name: bcme
- Last Name: users
- Mailnode: Select the BCME mail node
- Authentication ID: bcme.users@bcme.com
- Password: Assign a password
- Click on Next twice
- In the Group Membership tab, select ScalixUserAdmins
- Click on Finish