Skip to content

Creating and Managing User Roles

Management Console allows the creation and management of user roles. Roles are created with a set of permissions that allow the administrator to configure which Management Console pages are accessible as well as what options within each page that are enabled. Each role can be finely tuned to a set of permissions that limit the access users have to configurable options within Management Console.

Default roles for users are applied to users depending on where the user is created.

  • Management Console created users obtain the System Administrator role.

  • IDP created users obtain the Administrator role by default. Management Console System Administrators can subsequently change this users role.

  • Active Directory users can have roles assigned to them from roles assigned to there AD Groups.

Unlicensed Management Console

The DELETE and EDIT buttons are deactivated on unlicensed versions of Management Console.

The SET PERMISSIONS allow each Management Console page to be made available for use by the role. Permissions of Show and Hide can be set for each page. Once the SET PERMISSION is selected, the Detail Permissions become viewable and represent the configurable options within each Management Console page. Detailed permissions can be set to Enable, Disable or Hide.

When managing a new role, take the time to plan your administrative structure for PCoIP endpoints. If your organization requires changes to existing roles, you can easily do this by using the EDIT button and changing the permissions of each role. If role permissions are changed while a user of the role is logged in, the permissions take affect right away and will be seen when the user refreshes the Management Console page.

Active Directory Groups

  • You can identify Active Directory Groups associated with a user by viewing the AD GROUP column in the ROLES AND PERMISSIONS tab on the Management Console AUTHENTICATION page.
  • When an Active Directory user belongs to multiple Active Directory groups, the USER ROLE will take from the first group listed by Active Directory Server.
  • When a new role has been applied to an Active Directory group or user, the changes will be reflected in all relative fields only after logged in users log out and back in again.

    • Creating a User Role

    To create a user role, perform the following steps:

    1. From the SETTINGS > AUTHENTICATION page, click the ROLES AND PERMISSIONS tab.

    2. Click ADD.

    3. Enter the Role Name (no spaces allowed) and then select the set of permissions specific to that role.

    4. Click SAVE.

    The newly created role will now be available to assign to any Management Console user.

    Deleting Roles

    Roles cannot be deleted if a user is associated with that role. You can only delete multiple roles at once if all the selected roles for deletion do not have a user associated with it.

    Resetting User Roles

    Administrators can reset user roles using the provided script in the scripts folder located at /opt/teradici/scripts. This may be required when a role is limiting users to a Management Console feature. Running of the script will provide full Management Console access back to the specific user role. Allow a few minutes for Management Console to reboot.

    To reset a user role to provide full access

    1. SSH to the Management Console.

    2. Browse to /opt/teradici/scripts and type the command:

      sh reset_user_role.sh { userName }

    Available role permissions

    SET PERMISSION
    (Show or Hide)    		 Detailed Permissions
    (Show, Hide, Enable, Disable or Hide)
    ENDPOINTS Permissions with Show or Hide
  • Grouped
  • Ungrouped

    • Permissions with Enable, Disable or Hide

  • Profile (Group only)
      • Details
      • Change
      • Apply
  • Sructure
      • Move
      • Rename
      • New Group (Grouped only)
      • Remove Group (Grouped only)
  • Endpoints
      • Details
      • Power Down
      • Power reset
      • Reset to default
      • Clear management state
      • Export all
      • Export currently viewed
      • Delete
      • Get all settings
      • Request Certificate (Grouped only)
      • Endpoints Discovery
    PROFILE Permissions with Enable, Disable or Hide
    • New profile
    • Edit profile
    • Duplicate profile
    • Delete profile
    • Import File
    • Export File
    • Global turn on or off Persistent Configuration
    SCHEDULE Permissions with Show or Hide
    • Schedule tab
    • History tab
    Permissions with Enable, Disable or Hide
    • New schedule
    • Edit schedule
    • View schedule
    • Delete schedule
    ENDPOINT CERTIFICATES Permissions with Enable, Disable or Hide
    • New certificate rule
    • View certificate rule
    • Edit certificate rule
    • Delete certificate rule
    • Global turn on or off certificate rule
    AUTO CONFIGURATION Permissions with Enable, Disable or Hide
    • New autoconfig rule
    • Edit autoconfig rule
    • Delete autoconfig rule
    • Global turn on or off autoconfig
    SETTINGS N/A