During the initial UGMC configuration, creating at least one managed realm will create the following administrators:
-
UGMC Administrator. Usually, this is the user with the login name Admin. To log in to the console, they must specify the name as Admin/system, where "system" means they are logged in to manage UGMC services and not the managed realm.
-
The root administrator of the realm. This user can have any login name, e.g., Admin. To log in to the console, they must enter their name as Admin/realm_code, where realm_code is the code of the managed realm.
UGMC Administrators can create additional UGMC administrators and give them special rights (administrator profiles) to manage UGMC services. However, UGMC administrators are only allowed to manage UGMC services (see Configuring UserGate Management Center) and are not allowed to manage realms. Example of UGMC administrators' access rights:
Administrator |
Administrator Profile |
Access level |
---|---|---|
Admin/system |
Root profile |
Full. The administrator and their profile are created when the UGMC services are initialized. |
AdminRO/system |
ReadOnly |
View-only access to all UGMC services without the ability to modify them. |
AdminRealm/system |
RO+realms |
Create managed realms and their administrators as well as view any other UGMC settings without the right to modify them. |
AdminDash/system |
Dashboard |
Only allowed to view the Dashboard section. |
Root realm administrators can create additional administrators in their realm and assign them special rights (administrator profiles). Realm administrators are only allowed to manage their own realms (see Managed Realms). They cannot manage other realms or UGMC services. The root realm administrator can only be local and cannot be bound to an LDAP directory. Additional administrators created by the root realm administrator can be either local or bound to an LDAP directory. Examples of access rights for realm administrators:
Administrator |
Administrator Profile |
Access level |
---|---|---|
Admin/realm_code |
Root profile |
Full. Administrators and their profiles are created by the UGMC administrator. |
AdminRO/realm_code |
ReadOnly |
View-only access to all realm settings; no modification rights. |
AdminTemplates/realm_code |
Templates |
Create and modify all realm templates. |
AdminTemplateGeneral/realm_code |
TemplateGeneral |
Only modify the General template. |
AdminTemplateGeneralNET/realm_code |
TemplateGeneralNET |
Only modify network settings in the General template. |