advertisement
Delegated Administration and Reporting
1.
Open the Policy Server list in the Web Security toolbar and make sure that you are connected to the Policy Server that communicates with the appropriate directory. You must be logged on with unconditional Super Administrator permissions.
2.
Open the Role list in the Web Security toolbar, and select the role from which managed clients are to be deleted.
3.
Go to Policy Management > Clients to see a list of all the clients to which the delegated administrator has explicitly assigned a policy.
This may include both clients that are specifically identified on the role’s managed clients list, and clients who are members of networks, groups, domains, or organizational units on the managed clients list.
4.
Delete the appropriate clients.
5.
Click OK to cache the changes.
6.
Open the Role list in the banner, and select the Super Administrator role.
7.
Go to Policy Management > Delegated Administration > Edit Role.
8.
Delete the appropriate clients from the managed clients list, and then click OK to confirm the delete request.
9.
Click OK on the Edit Role page to cache the changes. Changes are not implemented until you click Save and Deploy.
Managing Super Administrator clients
Web Security Help | Web Security Solutions | Version 7.8.x
Clients who are not specifically assigned to a delegated administration role are managed by Super Administrators. There is no Managed Clients list for the Super
Administrator role.
To apply policies to these clients, add them to the Policy Management > Clients page.
See
, page 84 . Clients who have not been assigned a specific policy are
governed by the Super Administrator Default policy.
There may be times when you cannot add clients to the Clients page. This can occur when the client is a member of a network, group, or domain (OU) that is assigned to another role. If the administrator of the other role has applied a policy to individual members of the network or group, those clients cannot be added to the Super
Administrator role.
Performing delegated administrator tasks
Web Security Help | Web Security Solutions | Version 7.8.x
Any delegated administrator who uses a Websense account (not their network credentials) to log onto the TRITON console can review account their account
Web Security Help
363
Delegated Administration and Reporting
information and change their password. See
.
Delegated administrators who have policy permissions can perform the following tasks.
View their role definition.
Navigate to the Policy Management > Delegated Administration page and click the role name. This brings up the Edit Role page, which lists the role’s managed clients and shows the reporting features available to administrators who have reporting permissions in the role.
Add clients to the Clients page
.
.
Apply policies to clients on the Clients page (see
Reporting permissions can be granted at a granular level. The specific reporting
permissions granted to your role determine which of the following tasks are available to administrators with reporting permissions.
To learn which features you can use, go to the Delegated Administration page and click the role name. The Edit Role page shows the reporting features for which you have permissions. For information about using any of those features, see:
View your user account
Web Security Help | Web Security Solutions | Version 7.8.x
Related topics:
Performing delegated administrator tasks
Add clients to the Clients page
If you log on to the TRITON console with network credentials, password changes are handled through your network directory service. Contact your system administrator for assistance.
If you have been assigned a local user name and password, view information about your account and change your password within the TRITON console.
1.
Click TRITON Settings in the TRITON toolbar, just under the banner.
The My Account page opens.
364
Websense Web Security Solutions
Delegated Administration and Reporting
2.
To change your password, first enter your current password, then enter and confirm a new password.
The password must be between 4 and 255 characters.
Strong passwords are recommended: 8 characters or longer, including at least one uppercase letter, lowercase letter, number, and special character (such as hyphen, underscore, or blank).
Click OK to save and implement the change.
3.
To see a list of roles that you can administrator, go to the Web Security manager
Policy Management > Delegated Administration > View Administrator Accounts page.
If you are assigned to manage only one role, its name appears in the list.
If you are assigned to manage multiple roles, click View next to your user name to see them listed.
4.
When you are finished, click Close to return to the Delegated Administration page.
Add clients to the Clients page
Web Security Help | Web Security Solutions | Version 7.8.x
Related topics:
Performing delegated administrator tasks
After Super Administrators assign managed clients to a role, delegated administrators
can add them to the Clients page and assign them policies. See
When clients are added to a managed clients list, their Internet requests are immediately subject to a policy in the role.
Clients previously assigned a policy within the Super Administrator role are governed by a copy of that policy in the new role. The Move to Role process automatically copies the applicable policy.
Clients not previously assigned a policy receive the new role’s Default policy.
Initially, this Default policy enforces a Default category and protocol filter copied from the Super Administrator role.
Any client that appears in the Managed Clients list on the Delegated Administration >
Edit Role page for your role can be added to the Clients page and assigned a policy.
For groups, domains (OUs), and networks assigned to the role, you can also can add:
Individual users who members of the group or OU
Individual computers that are members of the network
Web Security Help
365
Delegated Administration and Reporting
Because a user may be part of multiple groups or OUs, adding individuals from a larger client grouping has the potential to create conflicts when different roles manage groups our OUs with common members. If administrators in different roles access the
Web Security manager at the same time, they might add the same client (individual member of a group, for instance) to their Clients page. In that situation, policy enforcement for that client is governed by the priority established for each role. See
Create policies and filters
Web Security Help | Web Security Solutions | Version 7.8.x
Related topics:
Performing delegated administrator tasks
Add clients to the Clients page
When your role was created, it automatically inherited the current Default category filter and protocol filter from the Super Administrator role. A role-specific Default policy was created that enforces the inherited Default category and protocol filters.
(This role-specific Default policy is automatically applied to any client added to the role until another policy is assigned.)
The Super Administrator may have copied other policies and filters to your role, as well.
In addition to policies and filters, you also inherit any custom file types and protocols created by the Super Administrator.
You can edit inherited policies and filters. Changes you make affect your role only.
Any changes the Super Administrator later makes to the original policies and filters do not affect your role.
Note
Changes the Super Administrator makes to file types and protocols automatically affect the filters and policies in your role.
When a Super Administrator informs you of changes to these components, review your filters and policies to be sure they are handled appropriately.
You can also create as many new filters and policies as you need. Filters and policies created by a delegated administrator are available only to administrators logged on to your role. For instructions on creating policies, see
For instructions on creating filters, see
.
366
Websense Web Security Solutions
advertisement
* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project