30 days of ADM: Day 18
October 21, 2022
Role-based access controls for ADM: control your inner Diva!
I am back, it is day 18.
Everyone has a defined role, you could be the star of the show, with top-level billing and a wardrobe to die for (Darling!). The thing is, generally, that might not mean that you are actually any good behind the camera. Of course, there are exceptions.
The same applies to IT.
Where is he going with this?
Suffice it to say that some people need access to certain information and controls because of their job function, irrespective of the clothes. What we need is a way to manage that access.
We can solve for that!
You have been selected for a training course in Citrix ADM. The goal is to provide you with enough information to be actually dangerous when talking to a customer or client. 30 days is a bit of an arbitrary number, but I am prepared to give you 2 minutes of material; can I get 2 minutes of your time?
I have talked about Fleet management, general analytics, security analytics, AI / ML, Stylebooks, Pooled Capacity, instance advisory upgrade, security advisory, Autoscaling, onboarding, RESTful API, CADS self-managed, Service Graph, Web Transaction Analytics, Config Jobs, Network Reporting and SSL Dashboard.
Today is all about Role Based Access Control - RBAC.
Honestly, what are you talking about?
Role Based Access Control, shortened to RBAC, is all about giving different levels of access to a system based on what a role requires. So why does this apply to an Administration, Analytics and Automation tool?
Good that you asked. In some cases, the ADM console will be for the Network Admin or Site Reliability Engineer. There are cases where you might also want an application owner to have delegated access that gives them some limited choices to set up their application.
So what? What problem does it solve?
There is a role-based framework that lets the ADM administrator give reduced levels of access to different people. The ADM admin can then get on with his/her tasks without having to do everything for application owners.
Divide and conquer.
Who would be interested in this?
Almost any customer that uses NetScaler within their infrastructure to provide a service. That’s everyone, right?
Let me have an example of its use.
When you first set up ADM, that first account has superuser rights over everything. Subsequent accounts are delegated admins; they don’t get to set up accounts.
The RBAC system has a few objects that allow you to define who has access to what. The policy that is being created below would give the group access only to view Applications, for example when an application owner wants to see how an application is performing in Web Insight. That application owner would then not need access to all the assets that ADM can see.
Least privilege is something that should be used across the infrastructure.
As shown above, it is possible to define which modules a role can see and whether the role may only view them or also edit settings. Using these policies, you could get really granular.
Ok, what else?
Once you have the policy you want, just create an associated group and assign the group the policy. Pretty simple.
There are some default groups to get started with.
What else?
You can then drill into the specific applications that are defined and give the application admin the ability to see just his/her application.
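A minimal model of the policy, group and application-scope chain described above, added here as an illustration; it is not ADM code and does not call the ADM API, and every policy, group, module and application name in it is made up. It goes one step beyond the text by also listing groups whose edit rights are not limited to named applications, which is a useful least-privilege review.

```python
from dataclasses import dataclass
from typing import Optional

VIEW, EDIT = "view", "edit"

@dataclass
class Policy:
    name: str
    permissions: dict          # module name -> set of allowed actions

@dataclass
class Group:
    name: str
    policies: list
    applications: Optional[set] = None   # None means "all applications"

def is_allowed(groups, module, action, application):
    """Default deny: allow only if a group that covers this application
    carries a policy granting the action on the module."""
    for group in groups:
        if group.applications is not None and application not in group.applications:
            continue
        for policy in group.policies:
            if action in policy.permissions.get(module, set()):
                return True
    return False

def broad_grants(groups):
    """Least-privilege review: (group, module) pairs that hold edit rights
    without being limited to named applications."""
    found = set()
    for group in groups:
        if group.applications is None:
            for policy in group.policies:
                for module, actions in policy.permissions.items():
                    if EDIT in actions:
                        found.add((group.name, module))
    return sorted(found)

# Constructed sample data (hypothetical names, not ADM defaults).
app_view = Policy("app-view-only", {"Applications": {VIEW}})
full = Policy("full-access", {"Applications": {VIEW, EDIT},
                              "Infrastructure": {VIEW, EDIT}})
owners = Group("webshop-owners", [app_view], {"webshop"})
admins = Group("net-admins", [full])

if __name__ == "__main__":
    print(is_allowed([owners], "Applications", VIEW, "webshop"))   # owner sees own app
    print(is_allowed([owners], "Applications", VIEW, "payroll"))   # but not another app
    print(broad_grants([owners, admins]))
```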
What would Sanyukta say?
Here is a short video from Sanyukta, another 5 minutes of your time!
Summary.
Having a way to give application owners the ability to tap into ADM and see some of the stats can be a powerful option. You get the ability to delegate management of your infrastructure and set up a permissions structure that fits your needs. This will help you stay on top of your environment. With tools like this, you can save time and ensure that you get back to high-value tasks.
Ultimately, it is another killer feature that is enabled with ADM service.
It is free too.
What’s not to like?