Contained within this information are the Best Practices for setting up user permissions in Network Configuration Manager.

Important: It is recommended the creation of six distinct user groups to accommodate the division of responsibilities as it pertains to managing compliance and configuration management for your network.

The recommended groups are specific to the following responsibilities:

  • Super User for the application (Administrator group)

  • Viewing of configuration information (Viewers group)

  • Submission of proposed change (Submitters group)

  • Approval of change (Approvers group)

  • Creation of standards (Standards group)

  • Auditing change (Auditors group)

Each group, when established, must be managed. In addition, any network associated with the group must also be managed.

Administrator Group

Users assigned to this group have the ability to make changes throughout the system.  The number of users assigned to this group should be dictated by internal security policies.  When setting up the group, enable Systems Administration under Systems Permissions.

Viewers Group

Users assigned to this group have read only views of network devices for all assigned networks.

When setting up this group, ensure they have no rights under System Permissions.

Under Network Permissions, for the default Network, ensure only the following are enabled:

  • Network – View

  • Workspace – View

  • Device – View Details

Under Workspace Permissions, for the default Workspace, ensure only the following are enabled:

  • Workspace – View

  • Device – View Details

Submitters Group

Users assigned to this group have the ability to schedule jobs, run cut-throughs, and perform OS upgrades.

When setting up this group, under System Permissions, enable Schedule permissions.

Under Network Permissions, for the default Network, ensure the following are enabled:

  • Network – View Details

  • Workspaces – Create, Edit, Delete

  • Device – Create, View Passwords, Manage OS, Assign Credentials, View Details, & Run Cut-Throughs

  • Job – Schedule

  • View – Create, Edit, Delete

Under Workspace Permissions, under default Workspace, ensure the following are enabled:

  • Workspace – Edit, Delete

  • Device – Create, Manage OS, Assign Credentials, Run Cut-Throughs, View details

  • Job - Schedule

Approvers Group

Users assigned to this group have the ability to schedule and approve jobs.

Under Systems Permissions, ensure that Job Approval is enabled.

Under Network Permissions, for the default Network, ensure only the following are enabled:

  • Network – View

  • Device – View Details

  • Job – Approve

Ensure the Users assigned to this group do not have Workspace permissions.

Standards Group

The Standards group should have the following Systems permissions enabled:

  • Manage Templates

  • Manage Queries

  • Manage Compliance Standards

Under Network Permissions, for the default Network, ensure the following are enabled:

  • Manage Templates

  • Manage Queries

  • Manage Compliance Standards

  • Network – View

  • Workspaces – View

  • Device – View Details

Under Workspace Permissions, under default Workspace, ensure the following are enabled:

  • Workspace – View

  • Device –  View details

Auditors Group

The Auditor group should be given system permissions to view the event manager.

Under Network Permissions, for the default Network, ensure the following are enabled:

  • Network – View

  • Workspaces – View

  • Device – View Sensitive Data, View Details

Under Workspace Permissions, under default Workspace, ensure the following are enabled:

  • Workspace – View

  • Device –  View details