The Administration screens enable role-based user and group management, either locally or through an LDAP connection to an LDAP compliant directory structure.
VERDE comes with a set of predefined roles and permissions. Existing roles cannot be edited. Multiple roles can be assigned to local users, local groups, or directory service users (by specifying user@domain), and directory service groups (by specifying the Group DN and realm). An administrative user can be assigned multiple roles.
VERDE provides the following predefined roles:
- Management Console Master Administrator. Has full permissions for all tasks. This is the only role that has full rights for LDAP and local user management and permission assignment.
- Management Console User. Can configure LDAP for the system and has full permissions for all other tasks.
- Desktop Administrator. Has full permissions for Gold Images, Sessions Settings, Application Layers, Desktop Policy. Read-only for all other configuration items. No Maintenance" permissions. Can manage sessions for Reports and view report data.
- Helpdesk Administrator. Has permission to manage sessions for Reports and has read-only permissions for all other tasks.
- Analyst. Has read-only permissions for all configurations, no permissions for Maintenance, and read only permissions for Reports.
- Organization Administration. Can perform Administration tasks for an organization.
Roles and permissions are for administrative purposes. To create a user with no administrative rights, leave the Role field empty when creating a user.
Granular permissions are available for creating roles or editing existing roles.
|VERDE Management Console Roles||Permissions||Requirements|
Read-only, Operations, Owners, Full
|Application Layers||Read-only, Full|
|Session Settings||Read-only, Full|
|Desktop Policy||Full requires Gold Images (read-only), Session Settings (read-only), Application Layers (read-only), Desktop Pools (read-only)|
|Desktop Pools||Read-only, Full|
|Administration||Requires Management Console Master Administrator role|
|General Settings||Read-only, Full|
|Organizations||Read-only, Administration, Full||The Administration permission doesn't provide any permissions for the VERDE Management Console in the Global space.|
|Reports||View, Manage Servers, Manage Sessions||
Permissions are mapped to the tasks in the VERDE Management Console Configuration tab. Permissions include:
- Read-only. Allows users to view or list objects.
- Full. Allows users to view, list, edit create, or remove objects.
- Gold Image permissions, in addition to read-only are:
- Operations. Enables creating, cloning, editing, and deleting images and performing operations on all images owned by the user with this role.
- Owners. Enables creating images, performing image operations on images owned managing image owners on images I already own.
- Full. Enables all permissions on all images.
- For organization roles, the following apply:
- The creator of an organization automatically becomes the first administrator for that organization, with a master administration role for that organization. Additional administrators can be defined in the organizational scope.
- Users and administrators are assigned to the organization through directory service realms.
- Full. Allows users to edit any organization.
- Administration. Enables a user to be master administrator for a specified organization.
- View permission in Reports also allows managing charts. Charts will only display the information that is available to an administrator or user.
- Manage Servers. Allows taking servers offline or online, and removes branch servers.
- Manage Sessions. Allows shutting down user sessions.
- Full permissions in General Settings enable revoking MAC addresses (from the Reporting tab).
The User screen lists individual users created for VERDE access. Local user accounts created in VERDE reside in the VERDE database. An LDAP server can also be used to manage/assign accounts. Once an account is created, the password, and group assignment can be changed by selecting the user name in the table.
To add a new administrator or user:
- Select "CREATE NEW" and enter the name of user. This cannot be edited.
- Select the "Local User" or "LDAP User" type. If you've selected a local user, enter and confirm a password for this account. If you chose an LDAP user type, select the LDAP Server in which this account resides.
- (Optional) If you're adding a local user, search for and select one or more groups from the list.
- Select "Save."
A user cannot be deleted while still assigned in a Desktop Policy rule.
The purpose of Roles in VERDE Management Console is to expedite the process of assigning privileges to VERDE users. A Role is a predefined list of privileges that can be used to assign identical privileges to one or more users quickly and easily.
The VERDE Management Console comes with predefined Roles, but you may also create a new Role to further define application accessibility. Perform the following steps to create a Role:
- On the Roles screen, select "CREATE NEW."
- On theCreate New Rolewindow, enter a name in the "Role Name" field. Names are case sensitive.
- Select the task group to assign to the role. Once the object is selected, it is added to the "Selected Privileges" list and a sub-set of privileges will be displayed.
- Select the privileges for this role. If no permissions are selected, read-only is assumed for an object.
- Select "Save" to save the new role.
The Groups screen enables creating and editing groups for use in VERDE. Groups can be local VERDE groups or LDAP groups. Users are assigned to groups through the Users screen.
- Select "Create New" to add a new group.
- Enter a name for the group.
- Select the "Local Group" or "LDAP Group" type.
- If you selected an LDAP group, select the LDAP server in which the group resides.
A group cannot be deleted if assigned in a Desktop Policy rule.