Access to functionality within Panda Cloud System Management can be controlled by the use of roles. This flexibility enables the administrator to create Custom roles users.
Users can be created, disabled and deleted from the Users area.
Account Admin rights can be enabled for a user by the Account Admin switch.
Note: Enabling Account admin gives users full access to the account and will override any permission set by the Roles function.
The roles area is split into four subsections.
- Device Visibility: Device visibility controls the access to devices in their profiles or groups.
- Permissions: Permissions enable the administrator to set access to each area of the PCSM. The main page shows access to each of the tabs within the PCSM. The Account, Sites, Components, ComStore, Scheduled jobs, Scheduled Reports and Setup tabs can all be hidden or shown as required. Furthermore, additional granularity is available to further refine the access required by offering View/read only or Managed access to each of the areas.
- Agent Browser Tools: Access to each of the areas available to users logging into the PCSM Agent browser can be defined in this section. Disabling any of the options will result in the feature appearing grayed out to the user.
- Membership: The membership area is where the administrator defines which user or users belong to this role.
The administrator wants to create a role for Support engineers allowing them to use only the remote take over functionality in the PCSM and deny access to the PCSM functionality.
How to proceed
Given the situation above, this example will demonstrate how to create a role granting remote access capabilities only and assign a number of users to the role.
- Create a Role
Create the roles first, although the users could be created first and then added to the roles. It is personal preference.
To do this, you must be logged in as a user with Account Admin permissions.
- Click Setup tab >> Security levels tab>> New Security level tab.
- Give your role a name (e.g. Remote Access Users) and a description. If you have previously created roles, you can use these as a template by selecting a previous role in the Based On drop down menu.
- Click Create to move to the role configuration page.
- Enable which Sites and Groups members of this role will be able to access.
- Click the arrow on the Device Visibility menu to show the configuration options.
For the purpose of this exercise we will grant access to selected profiles from within the account.
- Slide the Sites switch to ON, select the required profiles and click Include.
- As members of this role will only have access to the Agent functionality, the administrator needs to ensure that the PCSM Permissions are off. Click the down arrow on the Permission menu and click move the switches to OFF.
- Next, the administrator needs to enable or disable access to Agent functionality for users in the role created.
For this example, the role will have access to all features except LanDeploy, Quick Job and the Registry Editor.
- Add the users you wish to belong to the role in the Membership section.
- Click Save and Close to confirm finish creating the role. Roles can be edited as required from the Roles screen.
- Create a User
- Click Setup tab >> Users tab >> New User tab.
- Fill in the user credentials and then select a role for the user. In this example, the user will be assigned to the Remote Access Users role.
Users can have more than one role assigned. The user can then switch between roles within the PCSM using the Roles drop down menu.
- Click the Default radio button to select the role the user will take upon login.
- Click Create to complete the user creation and return to the Users area.
The completed agent access looks like this: