Application Delivery Management

Configure access policies

Access policies define permissions. A policy can be applied to a single user or group, or to multiple users and multiple groups. Citrix Application Delivery Management (ADM) provides four predefined access policies:

  1. adminpolicy. Grants access all Citrix ADM features. The user has both view and edit permissions, can view all Citrix ADM content, and can perform all edit operations. That is, the user can perform add, modify, and delete operations on the resources.

  2. readonlypolicy. Grants read-only permissions. The user can view all content on Citrix ADM, but is not authorized to perform any operations.

  3. appAdminPolicy. Grants administrative permissions for accessing the application features in Citrix ADM. A user bound to this policy can add, modify, and delete custom applications, and can enable or disable the services, service groups, and the various virtual servers, such as content switching, cache redirection, and HAProxy virtual servers.

  4. appReadOnlyPolicy. Grants read-only permission for application features. A user bound to this policy can view the applications, but cannot perform any add, modify, or delete, enable, or disable operations.

Note The predefined policies cannot be edited.

You can also create your own (user-defined) policies.

To create user-define access policies:

  1. In Citrix ADM, navigate to System > User Administration > Access Policies.

  2. Click Add.

  3. In the Policy Name field, enter the name of the policy, and enter the description in the Policy Description field.

    localized image

  4. The Permissions section lists of all Citrix ADM features, with options for specifying read-only or edit access. Click the (+) icon to expand each feature group into multiple features. You must select the check box next to the feature name to give the users either the View or Edit Permissions. The Edit option includes permission to view. Select View for read-only, or Edit for full access.

    Note Expand Load Balancing and GSLB to view more configuration options.

    localized image

    Note Selecting Edit might internally assign dependent permissions that are not shown as enabled in the Permissions section. For example, when you enable edit permissions for fault management, Citrix ADM internally provides permission for configuring a mail profile or for creating SMTP server setups, so that the user can send the report as a mail.


    David is the administrator for SSL certificate management/security in Citrix ADM. In the policy assigned to David, the administrator selects the following check boxes in the Permissions section:

    • Networks > Configuration > Edit

    • Networks > Certificate Management > Edit

    • System > SSL Settings > Edit

    • System > System Configuration > Edit

      localized image

  5. Click Create.

Configure access policies