Application Delivery Management

Configure access policies

Access policies define permissions. A policy can be applied to a single user or group, or to multiple users and multiple groups. NetScaler Console provides four predefined access policies:

  1. adminpolicy. Grants access all NetScaler Console features. The user has both view and edit permissions, can view all NetScaler Console content, and can perform all edit operations. That is, the user can perform add, modify, and delete operations on the resources.

  2. readonlypolicy. Grants read-only permissions. The user can view all content on NetScaler Console, but is not authorized to perform any operations.

  3. appAdminPolicy. Grants administrative permissions for accessing the application features in NetScaler Console. A user bound to this policy can add, modify, and delete custom applications, and can enable or disable the services, service groups, and the various virtual servers, such as content switching, cache redirection, and HAProxy virtual servers.

  4. appReadOnlyPolicy. Grants read-only permission for application features. A user bound to this policy can view the applications, but cannot perform any add, modify, or delete, enable, or disable operations.

Note:

The predefined policies cannot be edited.

You can also create your own (user-defined) policies.

To create user-define access policies:

  1. In NetScaler Console, navigate to Settings > Users & Roles > Access Policies.

  2. Click Add.

  3. In the Policy Name field, enter the name of the policy, and enter the description in the Policy Description field.

    The Permissions section lists of all NetScaler Console features, with options for specifying read-only, enable-disable, or edit access.

  4. Click the (+) icon to expand each feature group into multiple features.

    1. Select the permission check box next to the feature name to grant permissions to the users.

      • View: This option allows the user to view the feature in NetScaler Console.

      • Enable-Disable: This option is available only for the Network Functions features that allow enable or disable action on NetScaler Console. User can enable or disable the feature. And, user can also perform the Poll Now action.

        When you grant the Enable-Disable permission to a user, the View permission is also granted. You cannot deselect this option.

      • Edit: This option grants the full access to the user. User can modify the feature and its functions.

        If you grant the Edit permission, both View and Enable-Disable permissions are granted. You cannot deselect the auto-selected options.

      If you select the feature check box, it selects all the permissions for the feature.

    Note:

    Expand Load Balancing and GSLB to view more configuration options.

    In the following image, the configuration options of the Load Balancing feature have different permissions:

    Configure role based access policies

    The View permission is granted to a user for the Virtual Servers feature. User can view the load balancing virtual servers in NetScaler Console. To view virtual servers, navigate to Infrastructure > Network Functions > Load Balancing and select the Virtual Servers tab.

    The Enable-Disable permission is granted to a user for the Services feature. This permission also grants the View permission. User can enable or disable the services bound to a load balancing virtual server. Also, user can perform Poll Now action on services. To enable or disable services, navigate to Infrastructure > Network Functions > Load Balancing and select the Services tab.

    Note:

    If a user has the Enable-Disable permission, the enable or disable action on a service is restricted in the following page:

    1. Navigate to Infrastructure > Network Functions.

    2. Select a virtual server and click Configure.

    3. Select the Load Balancing Virtual Server Service Binding page. This page displays an error message if you select Enable or Disable.

    The Edit permission is granted to a user for the Service Groups feature. This permission grants the full access where View and Enable-Disable permissions are granted. User can modify the service groups that are bound to a load balancing virtual server. To edit service groups, navigate to Infrastructure > Network Functions > Load Balancing and select the Service Groups tab.

  5. Click Create.

Grant StyleBook permissions to users

You can create an access policy to grant StyleBook permissions such as import, delete, download, and more.

Note:

The View permission is automatically enabled when you grant other StyleBook permissions.

Grant StyleBook permissions to user

Configure access policies