Delegated Administration

Delegated administration offers an TIBCO MFT Internet Server administrator the ability to divide the system into smaller units that can be managed independently of one another.

This sub division of the system offers greater security and eases of burden of administration on a single administrator. It allows businesses to create a system based on their organizational structure. Internal divisions of a corporation and external partners can be given autonomous control over the management of their users and transfers.

These smaller units, called departments, can have one or more administrators assigned to manage them. The department administrator’s domain is over the users, groups, transfers, servers and audit records assigned to the administrator's department and the departments that this administrator can manage. They cannot administer anything else in the system. The existing system rights, such as UpdateTransferDefinitionRight, can also be applied to department administrators thus offering a finer granularity of administrative control.

Administrators who are not assigned to a department are considered as super administrators who can manage the entire system. While department administrators can only access their own departments and the departments they can manage, super administrators have access to all departments in the system. They are the only ones who can administer servers, system configuration, FTP server configuration and checkpoints. They are also the only ones who can add departments and change the department to which a server is assigned.

An administrator can further limit the access to his users, groups and servers through the use of visibility. The visibility allows departments to interact with each other without giving up administrative control. When applied to users, groups and servers, visibility allows departments to expose or hide these items from each other. This is achieved by setting the visibility to public or private. For example, the Sales department can create a transfer and give authorization for that transfer to a public user in the Accounting department. The administrative control of the transfer still belongs to the Sales department that created it but the ability to transfer the file is given to a user in the Accounting department. The Sales department can in no way alter the attributes of the user from the Accounting department. If this Accounting user had been private, the Sales department could not give him authorization to transfer the file. In this case the user is effectively hidden from other departments.

This design allows existing customers to keep their system as it is and gives new customers the option not to use these features. In these cases all administrators are super administrators and transfer users, groups, servers and audit records are not assigned to any department. The system functions with respect to administration as it did in versions prior to version 2.2 of SIFT.