DualShield employs the Role Based Access Control (RBAC) model for access control to the Management Console. RBAC enables granular administrative access control down to a user or a group of users.
An administrative role is a collection of permissions that can be assigned to an administrator. A role determines what level of control the administrator has over which objects, such as users, tokens, reporting etc. Multiple roles to a single administrator. When an administrator has more than one role, the privileges granted by those roles are combined, allowing the administrator to perform any action granted by the assigned roles.
Help desk operator is an administartor, typically with restricted access to the management console. For instance, below is a list of permissions that are typically assigned to help desk operators:
- Issue Emergency Code
- Reset Passwords
- Lock/Unlock. Enable/Disable user accounts
- Craete and View reports
To create a role, select "Administration | Roles" in the main menu, click "Create" button on the toolbar:
The "Domain" field is the so-called Managing Domain. If a role has managing domains, then the role can only be managed by administrative users in the managing domains who have the right to manage roles. If a role does not have managing domains, then the role can be managed by all administrative users who have the right to manage roles.
Once a role is created, you can add and edit its persimmisons. Click the context menu icon of the role, select "Permits":
To create a new permit for the role, click "Create" on the toolbar:
Select "Scope", "Object" and "Actions" and press "Save" to save it.
Repeat the same process to create all other permits for the role:
Finally, do not forget to assign the role to a user or user group.