Delegated administration and Director 编辑

Delegated administration uses three concepts: administrators, roles, and scopes. Permissions are based on an administrator’s role and the scope of this role. For example, an administrator might be assigned a Help Desk administrator role where the scope involves responsibility for end-users at one site only.

For information about creating delegated administrators, see the main delegated administration article.

Administrative permissions determine the Director interface presented to administrators and the tasks they can perform. Permissions determine:

  • The views the administrator can access, collectively referred to as a view.
  • The desktops, machines, and sessions that the administrator can view and interact with.
  • The commands the administrator can perform, such as shadowing a user’s session or enabling maintenance mode.

The built-in roles and permissions also determine how administrators use Director:

Administrator RolePermissions in Director
Full AdministratorFull access to all views and can perform all commands, including shadowing a user’s session, enabling maintenance mode, and exporting trends data.
Delivery group AdministratorFull access to all views and can perform all commands, including shadowing a user’s session, enabling maintenance mode, and exporting trends data.
Read Only AdministratorCan access all views and see all objects in specified scopes and global information. Can download reports from HDX channels and can export Trends data using the Export option in the Trends view. Cannot perform any other commands or change anything in the views.
Help Desk AdministratorCan access only the Help Desk and User Details views and can view only objects that the administrator is delegated to manage. Can shadow a user’s session and perform commands for that user. Can perform maintenance mode operations. Can use power control options for Single-session OS Machines. Cannot access the Dashboard, Trends, Alerts, or Filters views. Cannot use power control options for Multi-session OS machines.
Machine catalog administratorCan access only the Machine Details page (Machine-based search).
Host AdministratorNo access. This administrator is not supported for Director and cannot view data.

Configure custom roles for Director administrators

In Studio, you can also configure Director-specific, custom roles to more closely match the requirements of your organization and delegate permissions more flexibly. For example, you can restrict the built-in Help Desk administrator role so that this administrator cannot log off sessions.

If you create a custom role with Director permissions, you must also give that role other generic permissions:

  • Delivery Controller permission to log on to Director - at least read only access in Administrator node
  • Permissions to delivery groups to view the data related to those delivery groups in Director - at least read only access

Custom Role

Alternatively, you can create a custom role by copying an existing role and include extra permissions for different views. For example, you can copy the Help Desk role and include permissions to view the Dashboard or Filters pages.

Select the Director permissions for the custom role, which include:

  • Perform Kill Application running on a machine
  • Perform Kill Process running on a machine
  • Perform Remote Assistance on a machine
  • Reset user profiles
  • View Client Details page
  • View Dashboard page
  • View Filters page
  • View Machine Details page
  • View Trends page
  • View User Details page

In this example, Shadowing (Perform Remote Assistance on a machine) is turned off.

Role with shadowing permission turned off

A permission can have dependencies on other permissions to become applicable on the UI. For example, selecting the Perform Kill Application running on a machine permission enables the End Application functionality only in those panels to which the role has permission. You can select the following panel permissions:

  • View Filters page
  • View User Details page
  • View Machine Details page
  • View Client Details page

In addition, from the list of permissions for other components, consider these permissions from delivery groups:

  • Enable/disable maintenance mode of a machine using delivery group membership.
  • Perform power operations on Windows Desktop machines using delivery group membership.
  • Perform session management on machines using delivery group membership.

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。
列表为空,暂无数据

词条统计

浏览:43 次

字数:5642

最后编辑:7 年前

编辑次数:0 次

    我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
    原文