...
While the automatic providers should cater to most needs, custom domain providers can be created to connect to domains outside of the forest the Site Manager server is in. Beware that members of authorized groups can only access Site Manager if they are on the same domain as the group. This differs from the automatic domain providers which support cross-domain authorization.
All providers are listed within the provider manager dialog. Providers can be configured or removed by clicking the respective buttons in the table. New providers can be created by clicking the 'Add' button, which opens the a dialog to configure a new domain provider.
A domain provider can be configured with the following fields:
...
After clicking 'Save', Site Manager will check the validity of the configuration. If a provider can be created then the configuration is saved and a provider is added to the list of providers in the previous window. Otherwise, an error message will appear describing the problem.
Configuring Role-Based Permissions
Next to the 'Manage Provider' button on the security settings page is the 'Manage Permissions' button. Clicking this button will open the permissions management window.
Permissions are configured separately for each provider. Select the correct provider from the dropdown before configuring permissions.
Assigning Roles to Users
The 'Users & Groups' page of the Site Manager settings can be used to select which users and groups from the domain providers have access to Site Manager and the level of access they will have.
The 'Configure permissions for' dropdown can be used to select a domain provider:
Selecting '+ Add' will then open the 'Configure Permissions' window for the selected domain:
A table listing the active permissions is below the provider selection field. Here the names of authorized users and groups are displayed. All members of an authorized group are given the permissions of that group (membership is applied transitively). Permissions Users can be deleted by clicking the 'Remove' button. Click 'Configure' to add permissions. Changes to permissions can be discarded by clicking cancel.
The structure of the directory is navigable through the tree on the left, which shows the folders and organizational units that have been configured on the domain. On the right is a table listing the users and groups in the selected folder. Rows can be selected to add corresponding permissions when the 'Add' button is pressed.
removed from the table, revoking their permissions, using the bin icon.
All users and groups newly added to the active permissions listing are defaulted with the viewer role, this role is the lowest form of access granted by Site Manager. To increase a user's or group's access further, select 'Edit' from pencil icon from the role column to access the role editor.
The role editor displays all role options available for selection'Role' window enables you to select the role(s) that will be applied to the selected user or group. Select the roles required for the user or group and apply changed roles by clicking the 'Save' button. Roles can be combined where required, selecting all the non-administrator pre-defined roles is equivalent to granting the administrator role to Site Manager.
The available pre-defined roles are:
| Role | Description |
|---|---|
| Administrator | Grants full administrative access to the Site Manager user. |
| Standard User (Viewer) | Grants minimum access to the Site Manager user. A user with this role can view the majority of information available in Site Manager, but can't make changes beyond configuring their own instance of the dashboard and table layouts. The repository browser and verification pages are unavailable to the user. |
| Backup Operator | Grants the same access as a 'Standard User' to Site Manager, but the user can enable or disable predefined backup plans, start, stop, or pause backups, start or stop remote syncs, access the repository browser (without access to backup contents) and verify backups. |
| Restore Operator | Grants the same access as a 'Standard User' to Site Manager, but the user can perform remote restores, generate and download rescue media, access the repository browser (and open backups), and verify backups. |
| Backup Manager | Grants the same access as a backup and restore operator to Site Manager, but the user can configure backup plans, definitions, schedules, repositories, remote syncs, and agent tags along with access to the repository browser (full access, including deletion) and full access to manage agents (add, remove, remote install, upgrade and perform maintenance actions including reboot agent, reset VSS and resync logs). |
| Deployment Operator | This grants the user the ability to perform deployments. The user will have access, in the deployment media, to start an endpoint-initiated deployment. The user can also start a centrally-initiated deployment in the 'Deployment Targets' tab of SiteDeploy®. See this article for more information about Macrium SiteDeploy® user management. |
| Deployment Manager | This grants the user full access to SiteDeploy®. The user will be able to create golden image stores, create deployment media, and perform both centrally-initiated and endpoint-initiated deployments. See this article for more information about Macrium SiteDeploy® user management. |
| Server Manager | Grants the same access as a 'Standard User' to Site Manager, but the user can configure server settings, configure repositories, access the repository browser (view listings only), manage agent licensing, perform agent maintenance actions (reboot agent, reset VSS and resync logs), generate rescue media and install server updates. |
Alternatively, custom roles can be created using a list of over 40 different permissions.
Creating Custom Roles
From Site Manager 8.1.7888, users can create their own custom roles. To create custom roles, select the 'Roles' page of the Site Manager settings:
The roles section on the left of the page shows a list of the existing custom and pre-defined user roles.
The 'Permissions' list on the right will show the selected permissions for the selected role. The pre-defined roles cannot be directly edited, however, they can be copied and then modified using the 'Copy' icon shown next to the role. Alternatively, an entirely new custom role can be created using the 'Add Custom Role' button. A name, description, and any combination of the available permissions can be selected for the custom role:
Select 'Save' to save the custom role. The custom role will then be shown in the 'Roles' section of the page. The custom role can be edited, copied, or deleted using the relevant icon on the selected role:
The custom role is now available to assign to new and existing users and groups on the 'Users & Groups' page of the settings:
