Configuring Access Policies on NetScaler MAS

Access policies define permissions. A policy can be applied to a single user or group, or to multiple users and multiple groups. NetScaler MAS provides four predefined access policies:

  1. adminpolicy. Grants access all NetScaler MAS features. The user has both view and edit permissions, can view all NetScaler MAS content, and can perform all edit operations. That is, the user can perform add, modify, and delete operations on the resources.

  2. readonlypolicy. Grants read-only permissions. The user can view all content on NetScaler MAS, but is not authorized to perform any operations.

  3. appAdminPolicy. Grants administrative permissions for accessing the application features in NetScaler MAS. A user bound to this policy can add, modify, and delete custom applications, and can enable or disable the services, service groups, and the various virtual servers, such as content switching, cache redirection, and HAProxy virtual servers.

  4. appReadOnlyPolicy. Grants read-only permission for application features. A user bound to this policy can view the applications, but cannot perform any add, modify, or delete, enable, or disable operations.

Note: The predefined policies cannot be edited.

You can also create your own (user-defined) policies.

To create user-define access policies:

  1. In NetScaler MAS, navigate to System > User Administration > Access Policies.

  2. Click Add.

  3. In the Policy Name field, enter the name of the policy, and enter the description in the Policy Description field.

    localized image

    The Permissions section lists of all NetScaler MA Service features, with options for specifying read-only or edit access. Click the (+) icon to expand each feature group into multiple features. You must select the check box next to the feature name to give the users either the View or Edit Permissions. The Edit option includes permission to view. Select View for read-only, or Edit for full access.

    Note: Expand Load Balancing and GSLB to view more configuration options.

    localized image

    Note: Selecting Edit might internally assign dependent permissions that are not shown as enabled in the Permissions section. For example, when you enable edit permissions for fault management, NetScaler MAS internally provides permission for configuring a mail profile or for creating SMTP server setups, so that the user can send the report as a mail.


    David is the administrator for SSL certificate management/security in NetScaler MAS. In the policy assigned to David, the administrator selects the following check boxes in the Permissions section:

    • Networks > Configuration > Edit

    • Networks > Certificate Management > Edit

    • System > SSL Settings > Edit

    • System > System Configuration > Edit

    localized image

  4. Click OK.

Configuring Access Policies on NetScaler MAS