Browse
Tools
Categories

Functional Security Roles

Reference Number: AA-00827 Views: 7069 Last Updated: 03-08-2022 09:03 AM 0 Rating/ Voters

This article defines each of the functional security roles available in SiteAudit and what functions are permitted by users assigned to a role.

Functional Security Roles and Permissions

There are five functional security roles in SiteAudit. These roles are listed below. Note that the roles at the top have all the permissions of the roles beneath it. For example, a Tenant Administrator can do everything that a Manager and a Reviewer can do, but the Database Administrator and Server Administrator can perform certain functions that the Tenant Administrator cannot. The Server Administrator is the most permissive and can perform all functions within SiteAudit. The Reviewer is the least permissive and has the most restrictions pertaining to what the user is able to do within SiteAudit.

 

  • Server Administrator
  • Database Administrator
  • Tenant Administrator
  • Manager
  • Reviewer

 

Reviewer Role

The Reviewer role is the least permissive role. This role is ideal for analysts or users who want to view data and create or schedule reports. A reviewer is also able to perform most diagnostics with one exception: They cannot use the SQL Query tool to execute queries against the database. Reviewers are also not permitted to make any configuration changes, stop or start monitoring, upgrade database schemas etc.

 

The primary functions that can be performed by a Reviewer include:

  • View data and create reports
  • Schedule reports
  • Perform device and other diagnostics

 

Manager Role

The Manager role is able to perform all the functions of the Reviewer and is able to perform various configuration tasks such as discovery, mail server, notifications, and thresholds. A manager is not permitted to start/stop monitoring.

 

The primary functions that can be performed by a Manager include:

  • All functions permitted to a Reviewer
  • Import configuration information
  • Configure discovery, notifications, thresholds, mail server, SLA
  • Retire/Unretire, Manage/Unmanage devices
  • Configure printer costs
  • Change Asset information

 

Tenant Administrator Role

The Tenant Administrator can perform most functions needed to configure and operate SiteAudit. The Tenant Administrator cannot create/delete users nor assign roles and it cannot modify the license. The Tenant Administrator is the minimal role required to start / stop the monitoring service

 

The primary functions that can be performed by a Tenant Administrator include:

  • All functions performed by a Manager
  • Start/Stop monitoring service
  • Configure the Reporting Web Site
  • Modify Application Settings
  • Upgrade/modify the database schema
  • Perform SQL Queries against the SiteAudit database
  • Assign printers to departments
  • Delete collected data
  • Auto update Hosted Clients
  • Designate monitoring restart for Hosted Clients
  • Virtual Technician
  • Create remote DCA installer

 

Database Administrator Role

Users assigned to the Database Administrator role have the ability to create/delete users and assign roles to users. They can grant and revoke access to the SiteAudit database and modify the License.

 

The primary functions that can be performed by a Database Administrator include:

  • All functions performed by a Tenant Administrator
  • Create / Delete users
  • Backup database
  • Create or delete tenants (Hosted databases only)
  • Grant / revoke access
  • Configure licenses

 

Server Administrator Role

The Server Administrator is the most permissive role. A Server Administrator is able to perform all functions within the SiteAudit domain. The Server Administrator is a server role and is usually independent of a database administrator. This role is expected to be performed by those who have sysadmin rights on the SQL server.

 

The primary functions that can be performed by a Server Administrator include:

  • All functions performed by a Database Administrator
  • Create / delete databases
  • Create / delete / modify logins