Delegated Administration

Delegated administration offers an administrator the ability to divide the system into smaller units which can be managed independently of one another. This subdivision of the system offers greater security and eases of burden of administration on a single administrator. It allows businesses to create a system based on their organizational structure. Internal divisions of a corporation and external partners can be given autonomous control over the management of their users and transfers.

These smaller units, called departments, can have one or more administrators assigned to manage them. The department administrator’s domain is over the users, groups, transfers, servers, and audit records assigned to the administrator's department and the departments that this administrator can manage. The department administrator cannot administer anything else in the system. The existing system rights, such as UpdateTransferDefinitionRight, can also be applied to a department administrator thus offering a finer granularity of administrative control.

Administrators who are not assigned to a department are considered super administrators who can manage the entire system. While department administrators can only access their own departments and the departments they can manage, super administrators have access to all departments in the system. They are the only ones who can administer servers, system configurations, FTP server configuration, and checkpoints. They are also the only ones who can add departments and change the department to which a server is assigned.

Administrators can further limit the access to their users, groups, and servers through the use of visibility. Visibility supports departments to interact with each other without giving up administrative control. When applied to users, groups, and servers, visibility supports departments to expose or hide these items from each other. This is achieved by setting the Visibility parameter to public or private. For example, the Sales department can create a transfer and give authorization for that transfer to a user with public visibility in the Accounting department. The administrative control of the transfer still belongs to the Sales department that created it but the ability to transfer the file is given to a user in the Accounting department. The Sales department can in no way alter the attributes of the user from the Accounting department. If this Accounting user is with private visibility, the Sales department cannot give this user authorization to transfer the file. In this case the user is effectively hidden from other departments.

This design supports existing customers to keep their system as it is and gives new customers the option not to use these features. In these cases, all administrators are super administrators, and transfer users, groups, servers, and audit records are not assigned to any department. The system functions with respect to administration as it did in versions prior to version 2.2 of SIFT.

Copyright © 2022. Cloud Software Group, Inc. All Rights Reserved.