Configure groups 编辑

In Citrix ADM, a group can have both feature-level and resource-level access. For example, one group of users might have access to only selected Citrix ADC instances; another group with only a selected few applications, and so on.

When you create a group, you can assign roles to the group, provide application-level access to the group, and assign users to the group. All users in that group are assigned the same access rights in Citrix ADM.

You can manage a user access in Citrix ADM at the individual level of network function entities. You can dynamically assign specific permissions to the user or group at the entity level.

Citrix ADM treats virtual server, services, service groups, and servers as network function entities.

• Virtual server (Applications) - Load Balancing(lb), GSLB, Context Switching (CS), Cache Redirection (CR), Authentication (Auth), and Citrix Gateway (VPN)

• Services - Load balancing and GSLB services
• Service Group - Load balancing and GSLB Service groups
• Servers - Load balancing Servers

Create a user group

1. In Citrix ADM, navigate to Settings > User Administration > Groups.

2. Click Add.

   The Create System Group page is displayed.

3. In the Group Name field, enter the name of the group.

4. In the Group Description field, type in a description of your group. Providing a good description of the group helps you to understand the role and function of the group in a better way at a later point.  

5. In the Roles section, add or move one or more roles to the Configured list.

   Note Under the Available list, you can click New or Edit and create or modify roles. Alternatively, you can navigate to Settings > User Administration > Users and create or modify users.

   

6. Click Next. On the Authorization Settings tab, you can provide authorization settings for the following resources:

   • Autoscale Groups
   • Instances
   • Applications
   • Configuration Templates
   • StyleBooks
   • Configpacks
   • Domain Names

   

   You might want to select specific resources from the categories to which users can have access.

   Autoscale Groups:

   If you want to select the specific Autoscale groups that a user can view or manage, perform the following steps:

   1. Clear the All AutoScale Groups check box and click Add AutoScale Groups.

   2. Select the required Autoscale groups from the list and click OK.

   Instances:

   If you want to select the specific instances that a user can view or manage, perform the following steps:

   1. Clear the All Instances check box and click Select Instances.

   2. Select the required instances from the list and click OK.

      

   Applications:

   The Choose Applications list allows you to grant access to a user for the required applications.

   You can grant access to applications without selecting their instances. Because applications are independent of their instances to grant user access.

   When you grant a user access to an application, the user is authorized to access only that application regardless of instance selection.

   This list provides you the following options:

   • All Applications: This option is selected by default. It adds all the applications that are present in the Citrix ADM.

   • All Applications of selected instances: This option appears only if you select instances from the All Instances category. It adds all the applications present on the selected instance.

   • Specific Applications: This option allows you to add the required applications that you want users to access. Click Add Applications and select the required applications from the list.

   • Select Individual Entity Type: This option allows you to select a specific type of network function entity and corresponding entities.

     You can either add individual entities or select all entities under the required entity type to grant access to a user.

     The Apply on bound entities also option authorizes the entities that are bound to the selected entity type. For example, if you select an application and select Apply on bound entities also, Citrix ADM authorizes all the entities that are bound to the selected application.

     Note

     Ensure you have selected only one entity type if you want to authorize bound entities.

   You can use regular expressions to search and add the network function entities that meet the regex criteria for the groups. The specified regex expression is persisted in Citrix ADM. To add regular expression, perform the following steps:

   1. Click Add Regular Expression.

   2. Specify the regular expression in the text box.

      The following image explains how to use regular expression to add an application when you select the Specific Applications option:

      

      The following image explains how to use regular expression to add network function entities when you choose the Select the Individual Entity Type option:

      

   If you want to add more regular expressions, click the + icon.

   Note

   The regular expression only matches the server name for the Servers entity type and not the server IP address.

   If you select the Apply on bound entities also option for a discovered entity, a user can automatically access the entities that are bound to the discovered entity.

   The regular expression is stored in the system to update the authorization scope. When the new entities match the regular expression of their entity type, Citrix ADM updates the authorization scope to the new entities.

   Configuration Templates:

   If you want to select the specific configuration template that a user can view or manage, perform the following steps:

   1. Clear the All Configuration templates check box and click Add Configuration Template.

   2. Select the required template from the list and click OK.

      

   StyleBooks:

   If you want to select the specific StyleBook that a user can view or manage, perform the following steps:

   1. Clear the All StyleBooks check box and click Add StyleBook to Group. You can either select individual StyleBooks or specify a filter query to authorize StyleBooks.

      If you want to select the individual StyleBooks, select the StyleBooks from the Individual StyleBooks pane and click Save Selection.

      If you want to use a query to search StyleBooks, select the Custom Filters pane. A query is a string of key-value pairs where keys are name, namespace, and version.

      You can also use regular expressions as values to search and add StyleBooks that meet regex criteria for the groups. A custom filter query to search StyleBooks supports both And and Or operation.

      Example:

      name=lb-mon|lb AND namespace=com.citrix.adc.stylebooks AND version=1.0
      <!--NeedCopy-->