Configure access policies

Access policies define permissions. A policy can be applied to a single user or group, or to multiple users and multiple groups. Citrix Application Delivery Management (ADM) provides four predefined access policies:

  1. adminpolicy. Grants access all Citrix ADM features. The user has both view and edit permissions, can view all Citrix ADM content, and can perform all edit operations. That is, the user can perform add, modify, and delete operations on the resources.

  2. readonlypolicy. Grants read-only permissions. The user can view all content on Citrix ADM, but is not authorized to perform any operations.

  3. appAdminPolicy. Grants administrative permissions for accessing the application features in Citrix ADM. A user bound to this policy can add, modify, and delete custom applications, and can enable or disable the services, service groups, and the various virtual servers, such as content switching, cache redirection, and HAProxy virtual servers.

  4. appReadOnlyPolicy. Grants read-only permission for application features. A user bound to this policy can view the applications, but cannot perform any add, modify, or delete, enable, or disable operations.

Note The predefined policies cannot be edited.

You can also create your own (user-defined) policies.

To create user-define access policies:

  1. In Citrix ADM, navigate to System > User Administration > Access Policies.

  2. Click Add.

  3. In the Policy Name field, enter the name of the policy, and enter the description in the Policy Description field.

    localized image

    The Permissions section lists of all Citrix ADM features, with options for specifying read-only, enable-disable, or edit access.

  4. Click the (+) icon to expand each feature group into multiple features.

    1. Select the permission check box next to the feature name to grant permissions to the users.

      • View: This option allows the user to view the feature in Citrix ADM.

      • Enable-Disable: This option is available only for the Network Functions features that allow enable or disable action on Citrix ADM. User can enable or disable the feature. And, user can also perform the Poll Now action.

        When you grant the Enable-Disable permission to a user, the View permission is also granted. You cannot deselect this option.

      • Edit: This option grants the full access to the user. User can modify the feature and its functions.

        If you grant the Edit permission, both View and Enable-Disable permissions are granted. You cannot deselect the auto-selected options.

      If you select the feature check box, it selects all the permissions for the feature.

    Note

    Expand Load Balancing and GSLB to view more configuration options.

    In the following image, the configuration options of the Load Balancing feature have different permissions:

    localized image

    The View permission is granted to a user for the Virtual Servers feature. User can view the load balancing virtual servers in Citrix ADM. To view virtual servers, navigate to Networks > Network Functions > Load Balancing and select the Virtual Servers tab.

    The Enable-Disable permission is granted to a user for the Services feature. This permission also grants the View permission. User can enable or disable the services bound to a load balancing virtual server. Also, user can perform Poll Now action on services. To enable or disable services, navigate to Networks > Network Functions > Load Balancing and select the Services tab.

    Note

    If a user has the Enable-Disable permission, the enable or disable action on a service is restricted in the following page:

    1. Navigate to Networks > Network Functions.

    2. Select a virtual server and click Configure.

    3. Select the Load Balancing Virtual Server Service Binding page. This page displays an error message if you select Enable or Disable.

    The Edit permission is granted to a user for the Service Groups feature. This permission grants the full access where View and Enable-Disable permissions are granted. User can modify the service groups that are bound to a load balancing virtual server. To edit service groups, navigate to Networks > Network Functions > Load Balancing and select the Service Groups tab.

  5. Click Create.