Macrium SiteDeploy
Space shortcuts

Versions Compared

Old Version 1

changes.mady.by.user Jack Mansfield

Saved on

compared with

New Version Current

changes.mady.by.user Macrium Software

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Published by Scroll Versions from space SD and version v1

...

Macrium Site Manager can be configured to allow different users on the Site Manager server or a Windows Active Directory Domain to log in to the Site Manager console, access different parts of the SiteDeploy® UI, and log in to Site Manager on the deployment media allowing the user to access golden image stores, create golden images, and deploy golden images.

From SiteDeploy 8.1.7888, a 'User Management' section has been added to the Site Manager settings, from here all SiteDeploy user and permission management can be performed:

Image Added

By default, members of the Administrators group on the Site Manager server and members of Domain Administrators on the Site Manager server's domain can log in. Additional domains and permissions can be configured as described below:

...

While the automatic providers should cater to most needs, custom domain providers can be created to connect to domains outside of the forest the Site Manager server is in. Beware that members of authorized groups can only access Site Manager if they are on the same domain as the group. This differs from the automatic domain providers which support cross-domain authorization.

Image RemovedImage Added

All providers are listed within the provider manager dialogon the 'Login Providers' page of the settings. Providers can be configured or removed by clicking the respective buttons in the 'Actions' column of the table. New providers can be created by clicking the 'Add' button, which opens the dialog to configure a new domain provider.

Image RemovedImage Added

A domain provider can be configured with the following fields:

Field

Notes

NameA friendly name that is displayed to users. If no name is provided then the provider will be named after the domain it is associated with.
Domain Controller

The hostname of a domain controller. This can be in the form of a DNS-style name, a NetBIOS address, or an IP address.

Info

Custom ports

Site Manager will communicate with the domain controller using LDAP. To use custom ports (other than the default of 389 or 636) specify the domain controller in the hostname:port format.

UsernameThe username of an account on the domain. The credentials of this account will be used to perform any lookups against the LDAP server.
PasswordThe password of the account specified by the username entered in the previous field.
Display Order PriorityThe order that the provider will appear in dropdown lists like on the login page and the permissions modal. There is also an option to hide the provider from lists other than the table in the provider manager which may be useful if there are unused automatically generated providers.

After clicking 'Save', Site Manager will check the validity of the configuration. If a prover can be created then the configuration is saved and a provider is added to the list of providers in the previous window. Otherwise, an error message will appear explaining the problem.

Configuring

...

Next to the 'Manage Provider' button on the security settings page is the 'Manage Permissions' button. Clicking this will open the permissions management window.

Image Removed

Permissions are configured separately for each provider. Select the correct provider from the dropdown before configuring permissions.

...

Roles and Permissions

From Site Manager 8.1.7888, users can create their own custom roles can that can be assigned to users. Roles can be viewed and managed on the 'Roles' page of the Site Manager settings. The 'Roles' page is made up of two parts, the 'Roles' list will show the roles that are available and can be assigned to users this includes the 'Pre-Defined' roles and 'Custom Roles'. The 'Permissions' list shows the permissions that are enabled for the selected role:

Image Added

There are eight pre-defined roles that are available by default, these are the same roles that were available prior to SiteDeploy 8.1.7888 and are shown below along with the permissions that are assigned to the role:

Role

Permission

AdministratorThis role has all permissions assigned and grants full administrative access to SiteDeploy® and Site Manager.
Viewer

This role has no permissions assigned and grants minimum access to the Site Manager and SiteDeploy® user. A user with this role can view the majority of information available in Site Manager and SiteDeploy®, but can't make changes beyond configuring their own instance of the dashboard and table layouts.

Backup Operator

Backups:

  • Run Now Backups
  • Pause Active Backups
  • Cancel Active Backups
  • Toggle Scheduled Backup Plans

Repositories:

  • Access Repository Browser

Remote Sync:

  • Run Now Remote Syncs
  • Cancel Active Remote Syncs

Verification:

  • File Verification
Restore Operator

Repositories:

  • Access Repository Browser
  • Open Repository Browser Files

Restore:

  • Run Restores
  • Pause Restores
  • Cancel Restores

Rescue Media:

  • Manage Rescue Media & Tools
  • Download Rescue Media Files
  • Login via Rescue Media

Drivers:

  • Manage Drivers

Verification:

  • File Verification
Backup Manager

Backups:

  • Run Now Backups
  • Pause Active Backups
  • Cancel Active Backups
  • Manage Scheduled Backup Plans
  • Toggle Scheduled Backup Plans
  • Manage Definitions
  • Manage Schedules

Agents:

  • Computer Actions
  • Remote Agent Installation
  • Remote Agent Upgrade
  • Administrator Computer Actions
  • Add & Remove Agents
  • Manage Agent Tags

Repositories:

  • Manage Repositories
  • Access Repository Browser
  • Delete Repository Browser Files
  • Open Repository Browser Files

Remote Sync:

  • Run Now Remote Syncs
  • Cancel Active Remote Syncs
  • Manage Remote Syncs
  • Toggle Remote Syncs

Restore:

  • Run Restores
  • Pause Restores
  • Cancel Restores

Rescue Media:

  • Manage Rescue Media & Tools
  • Download Rescue Media Files
  • Login via Rescue Media

Drivers:

  • Manage Drivers

Verification:

  • File Verification
Deployment Operator

Rescue Media:

  • Login via Rescue Media

Deployment:

  • Run Deployments
  • Pause Deployments
  • Cancel Deployments
  • Manage Deployment Media
  • Download Deployment Media

Driver:

  • Manage Drivers
Deployment Manager

Rescue Media:

  • Login via Rescue Media

Deployment:

  • Run Deployments
  • Pause Deployments
  • Cancel Deployments
  • Manage Deployments & Golden Image Stores
  • Manage Golden Image Tags
  • Manage Deployment Media
  • Download Deployment Media

Drivers:

  • Manage Drivers
Server Manager

Agents:

  • Administrator Computer Actions

Repositories:

  • Manage Repositories
  • Access repository Browser

Rescue Media:

  • Manage Rescue Media & Tools

Drivers:

  • Manage Drivers

Licensing:

  • Manage Licenses

Settings:

  • Manage Settings
  • Update the Site Manager/SiteDeploy Server

The pre-defined roles themselves cannot be edited, however, the roles can be easily copied and used as the basis for a custom role by selecting the 'Copy' icon next to the relevant role. Alternatively, select '+ Add Custom Role' to create a new custom role with no permissions pre-selected.

Any combination of permissions can be selected from the permissions list to be assigned to the new custom role.

Image Added

Select 'Save' to save the custom role with the selected permissions. The role will now be available when adding users to the Site Manager, or modifying the roles that are assigned to existing users.

Adding and Configuring Users

Users and groups can be managed on the 'Users & Groups' page of the settings. Here the names of authorized users and groups are displayed in the table. All members of an authorized group are given the permissions of that group (membership is applied transitively). Permissions can be deleted by clicking the 'Remove'bin buttonicon. Click 'Configure' to add permissionsthe pencil icon to change the roles that have been assigned to a user or group. Changes to permissions can be discarded by clicking 'Cancel'.

Image Removed

Image Added

Additional users and groups can be granted access to Site Manager and SiteDeploy and assigned a role to control how much access they have. Permissions are configured separately for each provider, select the correct provider from the dropdown before configuring permissions.

The structure of the directory is navigable through the tree on the left, which shows the folders and organizational units which have been configured on the domain. On the right is a table listing the users and groups in the selected folder. Rows can be selected using the checkbox and added to the permissions list when the 'Add' button is pressed.

...

All users and groups that are added to the active permissions listing are given the 'Viewer' role by default, this role has the most restricted access. To increase a user's or group's access further, select 'Edit' from the role column to access the role editor for the selected user or group.

Image Removed

The role editor displays all role options available for selection. Select the roles required for the user or group and apply changed roles using the 'Save' button. Roles can be combined where necessary. Selecting all the non-administrator roles is equivalent to granting the administrator role to the account.

...

Role

...

Description

...

Grants minimum access to the Site Manager and SiteDeploy® user. A user with this role can view the majority of information available in Site Manager and SiteDeploy®, but can't make changes beyond configuring their own instance of the dashboard and table layouts. The repository browser and verification pages are unavailable to the user.

The user will only be able to launch Macrium Reflect using the deployment media, and will not be able to log in to the Site Manager.

...

Grants the same access as a 'Standard User' to Site Manager, but the user can perform remote restores, generate and download rescue media, access the repository browser (and open backups), and verify backups.

The user can log in to Site Manager using the deployment media but will only have access to the 'Restore Agent' button and the 'Launch Reflect' button.

...

Grants the same access as a backup and restore operator to Site Manager, but the user can configure backup plans, definitions, schedules, repositories, remote syncs, agent tags, access to the repository browser (full access, including deletion), and full access to manage agents (add, remove, remote install, upgrade and perform maintenance actions including reboot agent, reset VSS and resync logs).

The user can log in to Site Manager using the deployment media but will only have access to the 'Restore Agent' button and the 'Launch Reflect' button.

...

Grants the same access as a 'Standard User' to Site Manager, but the user can configure server settings, configure repositories, access the repository browser (view listings only), manage agent licensing, perform agent maintenance actions (reboot agent, reset VSS and resync logs), generate rescue media and install server updates.

the pencil icon shown next to the user or group in the 'Actions' column.

In the window that opens, the custom and pre-defined roles, described above, will be displayed. Select any combination of roles to control how much access the selected user or group will have:

Image Added