How to: Create & Manage Security Roles

Summary

The purpose of this article is to explain the concept of Security Roles and how they can be used to deliver different capabilities within the NSS console for certain individuals or groups.

Security Roles determine what a user can (and cannot) do in the graphical interface, e.g. make changes to existing dashboards, create new dashboards, create access rules, set Path Labels, etc.

There are two elements to Security Roles: Application Roles, controlling the access a user has to the features of the software, and Path Roles that are used to grant users different levels of responsibility (within the context of data management) for the paths that they have access to within the software.

The combination of an Application Role and a Path Role is what makes a complete Security Role.

Intended results

A greater understanding in how to configure and use Security Roles as an effective way to delegate different types of abilities and responsibilities.

Step-by-step

The NSS console comes with five default Application Roles that can be used to either restrict or extend the application capabilities a user/group has access to. Is is possible to modify these default Application Roles as well as to create new ones.

The five default Application Roles are described in the table below:

 Name  Description
 Administrator      

 

All administrative privileges.

 

 Operator

 

All administrative privileges. No ability to view information gathered across file systems.

 

 Help Desk

 

Ability to view, create and edit Access Rules. All other administrative settings can only be viewed and not changed. No ability to view information gathered across file systems.

 

 Power User

 

All information viewing privileges. Ability to customize dashboard layout.

 

 User

 

Regular user with no administrative privileges within NSS.

 


There are two default Path Roles in the NSS console. As with Application Roles, these can be edited and/or new ones created.

There two default Path Roles are described in the table below.

 Name                    
Description
Data Steward

 

User with full responsibility for all data within a shared path. This default Path Role is designed to be used for owners Department Shares, Group Shares, etc.

 

Data Contributor

 

Standard user who should participate in managing data in shared folder(s) and/or their home folder.

 

 

Create & Manage Security Roles

  1. Click on the 'Security Roles' option in the top menu.

  2. Click on the 'Add Application Role' button to create a new Application Role. (You can also edit existing roles by selecting them and clicking on the 'Edit' button.) 

    Add Application Role
  3. A dialog box will appear. Make your selections and save your changes by clicking 'Add Application Role'.

    Add Security Role

    Clarification of the different Application Role options:

    Name:

    Specify the name of your Application Role

     

    Description:           
    Write a description of what the role does.

    View Profile: 
    Specify the View Profile that should be applied for the users with this Application Role. View Profiles offer the ability to distribute pre-defined dashboards to all users who share an Application Role. Read more about View Profiles in KB-3158.

    Allow/Deny:
    This option decides whether the selected operation should be Allowed or Denied.

    Operation:

    This option enables the possibility to decide what the users are able to see and do in the different parts of the graphical interface and/or the software's API.

     

    If an Allow permission is created, everything else is Denied unless other Allow permissions are created. The same principle can be applied for the opposite scenario; If a Deny permission is created, everything else is Allowed unless other Deny permissions are created.

    The 'All permissions'-option will grant the users the right to read and write everything within the selected category/feature. It's possible to assign the 'All permissions'-option for the entire NSS Console. This is the equivalent of the already existing Administrator role.


  4. Below is an example of a restrictive Application Role that only makes it possible to view the content in the widgets on the different dashboards while being unable to create, modify or delete dashboards and/or widgets.

    Test Role

  5. As there are fewer options within Path Roles, it is anticipated that the default settings will cover all needs. However, if necessary, you can add a new Path Role in a similar fashion to how Application Roles are created.

    Add Path Role

    Below is an example of creating/editing a Path Role. It follows the same principle as the Application Role configuration.

    Test Path Role


  6. Once the Application Role and Path Role have been saved, go to the Access Rule section of the NSS console Administration page and either create new Access Rules for the users/groups that should have the new Application Role or modify existing Access Rules. Click on save when the configuration is complete.

    Whereas the Application roles decide how the users should be able to operate within the graphical interface and API, the Access Rules decide the file system path(s) that the users should be able to see scanned data for. See KB-3120 for more information on how to configure and manage Access Rules.

    Below is an example of an Access Rule with multiple paths that utilizes the new Application Role and default 'Data Steward' Path Role.

    New Access Rule

  7. Below is a demonstration of the effect that a change in Application Role has on how data is presented to the affected user. The first screenshot shows the appearance for a user that has the default 'Administrator' Application Role. The second screenshot shows how data is presented for the same user after the 'Test Role' (created in the step-by-step process above) has been applied.

    With default 'Administrator' Application Role:

    Administrator Dashboard

    With new 'Test Role' Application Role applied:

    User Dashboard

  8.  Verify that the desired features and data display are available through the new/modified Security Roles by logging on to the NSS Console with a user that has been assigned with the roles.

Confirm results

Log on to the NSS console with users assigned with different permissions and Access Rules to confirm the results. Make sure that all configurations and changes appear as expected. Make changes to the configuration if necessary.

Please direct any questions to the Technical Support team at Northern (support@northern.net). We look forward to assisting you.

ADDITIONAL RESOURCES

  • KB3120 How to: Configure Access Rules
  • KB3119 How to: Configure Data Scans
  • KB3158 How to: Configure View Profiles
  • KB Article: 3143

    Updated: 12/13/2016

    • Category
      • Usage
    • Affected versions
      • NSS 9.7
      • NSS 9.8

    North America HQ

    NORTHERN Parklife, Inc.
    301Edgewater Place, Suite 100
    Wakefield, MA 01880
    USA

    Voice: 781.968.5424
    Fax: 781.968.5301

    salesUS@northern.net

     

    Additional Contact Information

    EMEA & APAC HQ

    NORTHERN Parklife AB
    St. Göransgatan 66
    112 33 Stockholm
    Sweden

    Voice: +46 8 457 50 00

    salesHQ@northern.net

    Northern Parklife



    ©2017 northern parklife

    privacy statement 
    terms of use