Delegated administration

SecureTransport provides a customizable administrator type called a delegated administrator. The delegated administrator works with specific user groups referred to as business units. User accounts, service accounts, account templates, unlicensed user accounts, and applications are divided into business unit groups and each user or service account, unlicensed user, and account template is assigned to only one business unit.

Each delegated administrator is assigned one or more business units that determine the user accounts, service accounts, unlicensed user accounts, account templates, and applications managed by that administrator. Tracking information is also displayed based on the business unit assigned.

When you log in to the SecureTransport Administration Tool as a delegated administrator, you see a subset of the menus and pages normally available. You are allowed to view the file transfer tracking information, accounts, and applications that are assigned to your business unit.

As a delegated administrators with the Manage Administrators privilege, you can create other delegated administrators and perform the following actions:

  • Delegate to the new administrator any privileges that you have
  • Assign your business unit or any child business unit to the new administrator

When you create a delegated administrator, you can assign Read Only or any combination of the other following privileges.

Privilege Description
Read Only Allows the administrator to view the pages only. This administrator cannot make any changes. Use Read Only for auditing.
Create Users Allows the administrator to create new accounts for an assigned business unit.
Update Users Allows the administrator to modify existing accounts for an assigned business unit.
HelpDesk Rights Allows the administrator to change the password of users in an assigned business unit. The administrator can also enable or disable a user in the assigned business unit.
Manage Administrators Allows the administrator to create, modify, and delete delegated administrators for an assigned business unit.
Manage Applications Allows the administrator to create, modify, and delete applications other than Shared Folder type applications for an assigned business unit.
Manage Shared Folders Applications Allows the administrator to create, modify, and delete Shared Folder type applications for an assigned business unit.
Manage Business Units Allows the administrator to create, modify, and delete business units.
Manage Route Package Templates

Allows the administrator to create, modify, and delete route package templates.

Note In order these privileges to take effect, the appropriate administrative role should be updated to allow access to the Routes Menu.
Manage 'External Script' Step

Allows the administrator to create, modify, and delete any External Script steps in a route belonging to route package or route package template.

Note In order these privileges to take effect, the appropriate administrative role should be updated to allow access to the Routes Menu.
Manage Login Restriction Policies Allows the administrator to create and maintain login restriction policies. They can also create and manage login restriction policy entries.

When each delegated administrator delegates privileges and assigns business unit to delegated administrators he creates, the result is a hierarchy of delegated administrators where those higher in the hierarchy can have greater responsibility and more privileges than those below them.

For example, a finance delegated administrator with permission for the finance business unit can create an audit delegated administrator who can view the Administration Tool pages and two other delegated administrators to administer business units within finance. The following diagram shows the hierarchy:

Delegated administration hierarchy

Example delegated administration hierarchy

The following topic describes how to create a delegated administrator:

Related Links