Product Documentation

Assign App Layering roles to users

Jan 11, 2018

To assign roles to users in the Citrix App Layering appliance, also known as Enterprise Layer Manager (ELM), it helps to first understand the concepts and role definitions.

Built-in administrator account

When you install the App Layering appliance and log on to the management console, use the built-in administrator account to get started. The administrator has the rights to perform all appliance operations. You can edit the administrators properties, including the name, password, and contact info. Change the password for this built-in administrator account as part of installing and configuring the appliance. 

Active Directory user accounts

Other than the built-in administrator account, all users are Active Directory users imported from one or more directory junctions. After you create your directory junctions, you can assign roles to each user. You can see which roles are assigned to a user in the User Details.

App Layering Roles defined

Roles determine which App Layering modules an administrator can manage. Administrators assigned one or more Roles can log on to the management console. They are listed on the Administrators tab when you click Users > Administrators.

Note

If you upgrade from version 4.0.6 or earlier, administrators assigned to the Machine Administrator Role in earlier releases are assigned to the Read-Only role. If the administrator needs more than read-only access, reconfigure the roles.

Rights by role

Rights Role

Administrator

  • Can do every operation available in the management console.
  • Only users assigned the administrator role can edit user properties on the Users tab. (Click Users > Users.)
  • Only administrators can configure system settings and manage licenses.

Manage App Layers

  • Can create, edit, and delete application layers and versions.

Manage Elastic Layer Assignments

  • Can add, update, and remove Elastic layer assignments.

Manage Image Templates

  • Can create, edit, and delete Image templates.
  • Can add, update, and remove app layer assignments for image templates.
  • Can update platform layer assignments for image templates.
  • Can update OS layer assignments for image templates.

Manage OS Layers

  • Can create, edit, and delete OS layers and versions.

Manage Platform Layers

  • Can create, edit, and delete Platform layers and versions.

Publish Layered Images

  • Can publish layered images.
  • Cannot create or change existing image templates.

Read-Only

  • Can view information about any items in the management console.
  • Cannot start any wizards or make any changes.
  • Cannot cancel any tasks.

User credentials for logging on to the management console

When you assign Roles to Directory Service users, they can use their Directory Service credentials to log on to the management console.

Who can assign App Layering Roles?

If you log on to the management console with the administrator role, you can change other user roles.

Assign App Layering roles to users

Log on to the management console.

Click Users > Users.

Select a user and then click Edit Properties. The Edit User wizard opens. 

On the Roles tab, select one or more roles for the user. For details, see the preceding section on Rights by role.

On the Confirm and Complete tab, click Update User. Any comments you type appear in the Information view Audit History.