Gateway

Configuring Delegated Administrators

January 8, 2024

Contributed by:

NetScaler Gateway has a default administrator user name and password. The default user name and password is nsroot. When you run the Setup Wizard for the first time, you can change the administrator password.

You can create more administrator accounts and assign each account with different levels of access to NetScaler Gateway. These additional accounts are called delegated administrators. For example, you have one person assigned to monitor NetScaler Gateway connections and logs and another person responsible for configuring specific settings on NetScaler Gateway. The first administrator has read-only access and the second administrator has limited access to the appliance.

To configure a delegated administrator, you use command policies and system users and groups.

When you are configuring a delegated administrator, the configuration process is:

Add a system user. A system user is an administrator with specified privileges. All administrators inherit the policies of the groups to which they belong.
Add a system group. A system group contains systems users with specific privileges. Members of the system group inherit the policies of the group or groups to which they belong.
Create a command policy. Command policies allow you to define what parts of the NetScaler Gateway configuration a user or group is allowed to access and modify. You can also regulate which commands, such as command groups, virtual servers, and other elements administrators and groups are permitted to configure.
Bind the command policy to the user or group by setting the priority. When configuring delegated administration, assign priorities to the administrator or group so NetScaler Gateway can determine which policy takes precedence.

NetScaler Gateway has a default deny system command policy. Command policies cannot be bound globally. Bind the policies directly to system administrators (users) or groups. If users and groups do not have an associated command policy, the default deny policy is applied and users cannot run any commands or configure NetScaler Gateway.

You can configure custom command policies to define a greater level of detail for user rights assignments. For example, you can give one person the ability to add session policies to NetScaler Gateway, but not allow the user to perform any other configuration.

The official version of this content is in English. Some of the Cloud Software Group documentation content is machine translated for your convenience only. Cloud Software Group has no control over machine-translated content, which may contain errors, inaccuracies or unsuitable language. No warranty of any kind, either expressed or implied, is made as to the accuracy, reliability, suitability, or correctness of any translations made from the English original into any other language, or that your Cloud Software Group product or service conforms to any machine translated content, and any warranty provided under the applicable end user license agreement or terms of service, or any other agreement with Cloud Software Group, that the product or service conforms with any documentation shall not apply to the extent that such documentation has been machine translated. Cloud Software Group will not be held responsible for any damage or issues that may arise from using machine-translated content.

Was this helpful

Configuring Delegated Administrators

January 8, 2024

Contributed by:

January 8, 2024

Contributed by:

Configuring Delegated Administrators

In this article