Account Manager roles

A role is a combination of tabs, modules, and tasks that are available to an Account Manager. While access to tabs and modules is allowed, the tasks within a module can be restricted. For example:

• Disabling the Create Accounts hyperlink under Shortcuts would remove the ability for an Account Manager to create a new account.
• Disabling the Add, Edit, and Remove actions in the Auth Nodes module would allow an Account Manager to view the Auth Node list and deny the ability to make any changes.

This flexibility in role assignments supports a high degree of operational security.

As a Service Provider, it is likely that you will add a number of Account Managers to assist with the tasks of onboarding, managing, and supporting your Subscriber accounts. An Account Manager is any person that can log in to the Management Console with access to any of the following Service Provider tabs - Dashboard, Onboarding, Virtual Server, and Administration. Subscriber accounts in this document refer to organizations that you on-board and manage, including accounts configured as Subscriber or Virtual Service Provider in the Services module.

Operational security gives you the tools to tailor Account Manager “roles” and “scope”. SafeNet Authentication Service (SAS) can also generate service alerts and automatically deliver these alerts to specified Account Managers, making them aware of events that require their attention as they occur in real time.

The steps in establishing operational security include:

• Configure account management groups
• Configure Account Manager roles
• Add Account Managers
• Configure alert event thresholds
• Configure external alert recipients

Create an Account Manager role

To create an Account Manager role:

1. On the SAS console, select Administration > Account Manager Roles.

   The list of Account Manager roles is displayed.

   

2. Click a role name to display the associated tabs, modules, and actions.
   All roles except the default Account Manager and Audit roles can be edited or removed by clicking Edit and Remove respectively. The Account Manager role cannot be removed or edited. The Audit role cannot be removed but can be edited.

   

   Default Role: The Default role is a Service Provider role that grants access to all Management Console functionality and all Account Management Groups. This role cannot be modified. Account Managers will be automatically assigned to this role if no other roles are created. In general, only a few and trusted Account Managers should have the Default role.

   Default Management Group: The Default Management Group is an initial group created at the time your Service Provider account was created. Additional groups can be created and accounts can be moved between groups at any time. The Default group cannot be removed or renamed. All other groups can be modified or removed as necessary.

Add or edit an Account Manager Role

To add a role or edit an existing role, click the Add button or Edit hyperlink respectively. After adding, you will be prompted to create a role name and a role description, after which you’ll be presented with the Role configuration page.

The Role configuration page is split into several horizontal sections, each representing a different tab. Within each section is a table listing all modules available on the tab and a corresponding set of actions available for each module.

Clearing a check box removes the tab, module, or action from the role.

There are seven possible actions:

• Access — Display the module.
• Edit — Provide access to all edit functions available in the module.
• Delete — Provide access to all delete or remove functions available in the module.
• Add — Provide access to all Add functions available in the module.
• Import — Provide access to all import functions available in the module.
• Export — Provide access to all export functions available in the module.
• View Log — Provide access to the View Log function available in the module.