Account manager roles
A role defines what an account manager can do through the STA consoles. It reflects the account's business objectives, security requirements, operational hierarchy, and workflow..
A role is a combination of access permissions for the tabs, modules, and actions that are appropriate for the position. This high degree of granularity enables you to customize the security for each virtual server and role according to the account's operational requirements.
Access permissions
To define a role, you set access permissions for the tabs, modules, and actions on the account management console.
Operators also have roles. Operator roles define their access to the STA Access Management console and to the tabs, modules, and actions on the Virtual Server tab (the operator view of the STA Token Management console).
All permissions are set at the account level. As a result, an account manager can have different permission levels for different accounts.
Account manager roles include access permissions for the account management tabs:
-
Dashboard
-
On-Boarding
-
Virtual Servers
-
Administration
Account manager roles also include the following access permissions for each module on those tabs, and for the actions that you can perform in those modules:
-
Access: Display the module.
-
Edit: Provide access to all edit functions in the module.
-
Delete: Provide access to all delete or remove functions in the module.
-
Add: Provide access to all add functions in the module.
-
Import: Provide access to all import functions in the module.
-
Export: Provide access to all export functions in the module.
-
View Log: Provide access to the view log function in the module.
To configure a role, you select the access permissions for the tabs, modules, and functions that the role requires.
You can also view reports for your account manager roles
Where access to tabs and modules is allowed, you can restrict the functions within a module. For example:
-
To remove the ability for an account manager role to create a new account, in the On-Boarding section, clear the Create Account check boxes.
-
To allow an account manager role to view the Auth Node list but deny the ability to make any changes, in the On-Boarding section, clear the Add, Edit, and Delete check boxes for the Auth Nodes module.
This flexibility in role assignments supports a high degree of operational security.
Add an account manager role
Account manager roles are specific to the tenant account in which they are configured.
The default Account Manager role grants unrestricted rights to manage the tenant account.
All roles except the default Account Manager and Audit roles can be edited or removed. The Account Manager role cannot be removed or edited. The Audit role cannot be removed, but can be edited.
The roles that you need to create depend on your business requirements. However, there are a number of roles that are commonly required.
-
On the STA Token Management console, select Administration > Account Manager Roles.
The list of Account Manager roles displays.
-
To add a role, select Add. Enter the Role name and select Save.
-
To edit a role, in the row for that role, select Edit.
-
Configure the access permissions for the role, and then select Save.