Administration Guide : Administering Xinet Users : Granting Administrative Privileges

Granting Administrative Privileges
Granting users Administrative Privileges allows users with access to the Xinet server to undertake administrative work typically reserved for the nativeadmin user. (The option requires the Xinet database and isn’t available to Xinet Portal users, as they are likely to be outside the firewall.) As nativeadmin, you decide how much administrative control you want to give each user. One user may be limited to simply viewing print queues and job logs while another may have full control over Xinet Print Queues, Spoolers and Hot Folders. Another user might not be able to see any administrative information pertaining to printing, but be able to set up Users and Groups and administer Volumes on the system. Think carefully, however, before granting these privileges, as users will be able to employ them system wide. Also, keep in mind that SubAdmin privileges offer an alternative, only allowing the user to administer a particular Group or Subgroup. (Enabling subadministrator provides details.) Should you choose to give a user both SubAdmin and Administrative Privileges, the more restrictive SubAdmin privileges for Users and Groups will take precedence.
Unlike SubAdmin privileges, where the number of users to whom you may assign it is limited by your Xinet license, you may assign Administrative Privileges to as many users as you would like. You may not, however, assign such privileges to the Default User nor to nativeadmin.
Privileged users gain access to any Administrative Privileges through their Preferences (found at Top Level.) The Admin button on the Preferences page, as shown in Figure 0-3, opens limited portions of the nativeadmin interface.
What each user sees depends on the access nativeadmin gives to him or her. All users may use the Administration interface to monitor print queues where ACLs allow access. (See ACL to grant access to queued jobs and logs for details and About Access Control Lists for more information about ACLs in general.)
Figure 0-3 How a user gains access to Administrative Privileges
Otherwise, what each user sees depends upon his or her Administrative Privileges settings. Figure 0-4 shows an example in which the user can see User Lists and Print/Hot Folder information. Step 3., below, provides details about the various sets of Administrative Privileges built into Xinet.
Figure 0-4 A user with permission to see User Lists
To grant administrative privileges:
If you have not already opened the Volumes/Users, Users, Edit User page and selected a user, do so now.
Use the Administrative Privileges disclosure triangle at the bottom of the page to expose the options shown below.
Figure 0-5 Administrative Privileges options
While the options may be used in combination, the following descriptions provide details for what each option does when used independently:
View User List
This option allows the user to see nativeadmin information about other Users on the system, which will include information about the User Type, Primary Group, Roles, assigned Template, Permission Set, and Upload email address, whether the User can change his or her password, assigned ACLs and the Default download format. The user can also see information about Groups that have been established on the system, including Group Type, Member Count, assigned Templates and Permission Sets.While the user may see this information, he or she can’t make changes to the settings.
Administer Users and Groups
Allows users to have administrative privileges over Users and Groups, granting access to a subset of pages that nativeadmin sees under the Volumes/Users tab and the pages to which they link. These include the Users, Groups, Styles, Plug-ins and Permissions pages, as shown in Figure 0-6, as well as their sub-pages.
Figure 0-6 When Administer User and Groups privileges have been granted to a user
Users with this privilege can add new Users and Groups and edit the composition of Groups. If the server has been licensed for it, they can assign Roles, although they can not establish Roles themselves. They can assign Styles and Plug-ins and appoint SubAdmins. They can also assign Templates and Permission Sets, although they can not actually establish Templates nor Permission Sets themselves. In no instance, however, can they change any settings for the nativeadmin user nor the Default user.
The options on each page the user sees may be subsets of those nativeadmin sees on that respective page. For example, on the Users, Edit Users page, only nativeadmin can set Administrative Privileges. Those options do not appear when an privileged user views the Edit User page.
Administer User Volumes
with this privilege can not add Users, although they can see a Summary of User settings. They can, however, using pages under the User Volumes subtab shown in Figure 0-7, give existing users access to existing Volumes and establish how users interact with those Volumes.
Figure 0-7 When Administer User Volumes privileges have been granted to a user
Manage Metadata (Data Fields, Templates, Permission Sets)
This option provides access to everything available to nativeadmin under the Data Fields subtab, as shown in Figure 0-8. Users can add and edit Data Fields, add and edit Data Field Sets and design File Info Panels.
Figure 0-8 When Manage Metadata privileges have been granted to a user
Manage Triggers and Actions
This option provides access to everything available to nativeadmin under the Actions and Trigger Sets subtabs, as shown in Figure 0-9. Users can add Settings to and edit Actions. They can also edit existing Trigger Sets and create new ones.
Figure 0-9 When Manage Triggers and Actions privileges have been granted to a user
View all print queues and job logs
This option allows the user to see all Xinet print queues and spoolers that have been configured on the system. (When this option has not been enabled, the user can only see those queues that have ACLs that allow the user access.) With View all print queues and job logs enabled, users can monitor print queues as nativeadmin does through the Queue Status page and its sub-pages, including viewing job progress, examining images used in jobs and viewing and downloading log files. They can’t, however, make changes to any queue or job.
Have full control over existing print queues
This option provides the user with the same ability to monitor print jobs that nativeadmin has, meaning users will be able to send Print Tests and cancel, put on hold, reorder or move jobs between queues.
Create, Edit and Delete print queues, Spoolers and Hot Folders
This option provides the user with the complete set of privileges that nativeadmin has over Print/Hot Folder administration, except for general, global administration options found under the nativeadmin General Admin tab (described in the following topic General global administration options for output queues) and color correction options found under the nativeadmin Color Settings tab (described in the following topic Setting global input ICC profiles). Otherwise, the user has complete control of existing print queues, with the ability to also create new ones.
Figure 0-10 When printing privileges have been granted to a user
View most logs
This options allows users to view the nativeadmin tabs shown in Figure 0-11. Users can view the Status page for Xinet services and daemons (the nativeadmin Logging, Status page), although they can’t Restart All Xinet Services as nativeadmin might there. Users can also see the nativeadmin Preview Generation tab and its sub-pages, although on the Pending and Details sub-pages, users can’t delete any previews that are still waiting to be generated as nativeadmin might. The option also gives users access to everything that nativeadmin sees on the Logging, Database and Logging, Triggers pages. Users will not have access to the following pages: Xinet System, Web Access, Print Daemon, Table Check, nor Settings
Figure 0-11 When View Most Logs privileges have been granted to a user
Administer Approvals and Roles [optional]
Only available to sites with
Approval licenses. Provides privileged users access to the Approval nativeadmin page.
Administer Archive [optional]
Only available to sites with Xinet Archive licenses. Provides privileged user access to the Archive nativeadmin page.
View WN Access Log
Provides privileged user access to the Web Access page.