Each admin group has a list of host-group-specific rights that the members of the group have. The permissions are represented as a table with one column for each of the views and one column for the access rights. See Figure 4.5. Each row in the table adds to the permissions of the group. An empty table means that the group has no host-group-specific permissions.
On a row, a host group can be selected for each view, or any can be selected to apply the access rights to all host groups. If a host group different from any is selected, the access rights in the Access rights column apply only to hosts that are in the specified host group.
The Assign configurations access right can be set for groups only in the fixed host view Configuration. However, the Deploy configurations access right can be set for group combinations, for example the Workstation group in the fixed Configuration view and the Windows group in the OS view.
Tectia Manager has the following access right sets:
Approve host changes: Permission to approve pending host info changes.
Assign configurations: Permission to assign Management Agent and managed SSH software configurations to hosts. Effective only if set for a group in the Configuration view.
Deploy configurations: Permission to deploy Management Agent and managed SSH software configuration changes to hosts.
Full rights: Permission to perform any host-group-specific management actions. All access rights are included in this set.
Manage certificates: Permission to enroll, renew, and revoke host certificates.
Manage software: Permission to upgrade and uninstall the Management Agent software and SSH software on hosts.
View only: Permission to only view and search host information and logs. Hosts in those groups for which the logged-in administrator does not have view permissions are hidden.
Table 4.1. Access rights
Rights sets /
|Approve host changes||Assign configurations||Deploy configurations||Full rights||Manage certificates||Manage software||View only|
|Approve host changes||x||x|