Product Documentation

Configuring Command Policies for Delegated Administrators

Feb 21, 2014

NetScaler Gateway has four built-in command policies that you can use for delegated administration:

  • Read-only. Allows read-only access to show all commands except for the system command group and ns.conf show commands.
  • Operator. Allows read-only access and also allows access to enable and disable commands on services. This policy also allows access to set services and servers as “access down.”
  • Network. Permits almost complete system access, excluding system commands and the shell command.
  • Superuser. Grants full system privileges, such as the privileges granted to the default administrator, nsroot.

Command policies contain built-in expressions. You use the configuration utility to create system users, system groups, command policies, and to define permissions.

To create an administrative user on NetScaler Gateway

  1. In the configuration utility, in the navigation pane, on the Configuration tab, expand System > User Administration and then click System Users.
  2. In the details pane, click Add.
  3. In User Name, type a user name.
  4. In Password and Confirm Password, type the password.
  5. To add users to a group, in Member of, click Add.
  6. In Available, select a group and then click the right arrow.
  7. Under Command Policies, in Action, click Insert.
  8. In the Insert Command Policies dialog box, select the command, click OK, click Create and then click close.

Creating Administrative Groups

Administrative groups contain users who have administrative privileges on NetScaler Gateway. You can create administrative groups in the configuration utility.

To configure an administrative group by using the configuration utility

  1. In the configuration utility, in the navigation pane, on the Configuration tab, expand System > User Administration and then click System Groups.
  2. In the details pane, click Add.
  3. In Group Name, type a name for the group.
  4. To add an existing user to the group, in Members, click Add.
  5. Under Available, select a user and then click the right arrow.
  6. Under Command Policies, in Action, click Insert, select a policy or policies, click OK, click Create and then click Close.