Propagating user roles to secondary Administration Servers

By default, the lists of user roles of the primary and secondary Administration Servers are independent. You can configure the application to automatically propagate the user roles created on the primary Administration Server to all of the secondary Administration Servers. The user roles can also be propagated from a secondary Administration Server to its own secondary Administration Servers.

To propagate user roles from the primary Administration Server to the secondary Administration Servers:

  1. Open the main application window.
  2. Do one of the following:
    • In the console tree, right-click the name of the Administration Server and select Properties in the context menu.
    • If you have an active Administration Server policy, in the workspace of the Policies folder, right-click this policy and select Properties in the context menu.
  3. In the Administration Server properties window, or in the policy settings window, in the Sections pane select User roles.

    The User roles section is available if the Display security settings sections option is enabled.

  4. Enable the Relay list of roles to secondary Administration Servers option.
  5. Click OK.

The application copies the user roles of the primary Administration Server to the secondary Administration Servers.

When the Relay list of roles to secondary Administration Servers option is enabled and the user roles are propagated, they cannot be edited or deleted on the secondary Administration Servers. When you create a new role or edit an existing one on the primary Administration Server, the changes are automatically copied to the secondary Administration Servers. When you delete a user role on the primary Administration Server, this role remains on the secondary Administration Servers afterward, but it can be edited or deleted.

The roles that are propagated to the secondary Administration Server from the primary Server are displayed with the lock () icon. You cannot edit these roles on the secondary Administration Server.

If you create a role on the primary Administration Server, and there is a role with the same name on its secondary Administration Server, the new role is copied to the secondary Administration Server with the index added to its name, for example, ~~1, ~~2 (the index can be random).

If you disable the Relay list of roles to secondary Administration Servers option, all the user roles remain on the secondary Administration Servers, but they become independent from those on the primary Administration Server. After becoming independent, the user roles on the secondary Administration Servers can be edited or deleted.

Page top