Gateways setup | RS

Asset Roles

An Asset Role is a predefined set of permissions regarding Asset management and usage. Asset Roles are applied to users from the Asset Management > Asset Roles page or from the Users & Security > Group Policies page.

If more than one role is assigned to a user, then the most specific role for a user is always used. The order of specificity for Asset Roles, from most specific to least specific, is:

• The role assigned to the relationship between a user and an Asset Group on the Asset Management > Asset Roles page
• The role assigned to the relationship between a user and an Asset Group on the Users & Security > Group Policies page
• The Asset Roles configured for a user on the Users & Security > Users page or the Users & Security > Group Policies page

To create or edit an Asset Role, enter or update the name and description. Then set the permissions a user with this role should have:

1. Under Asset Group or Personal Assets, determine if users can create and deploy Assets, move Assets from one Asset Group to another, or delete Assets.
2. Check the Start Sessions box to enable users to connect to any Assets they have access to.
3. To allow users to edit Asset details, enable any of the options including:
   • Start Sessions
   • Edit Tag
   • Edit Comments
   • Edit Public Portal
   • Edit Asset Policy
   • Edit Session Policy
   • Edit Connectivity and Authentication
   • Edit Behavior and Experience.
   • Click the blue info icons next to the last three options to see exactly what is affected by these fields.

Asset Policies

To control access to particular Assets, create Asset Policies. Asset Policies are used to control when certain Assets can be accessed by implementing schedules.

1. From the /login administrative interface, go to Asset Management > Asset Policies.
2. Click Add.

ℹ️

An Asset Policy does not take effect until you have applied it to at least one Asset.

3. Create a unique name to help identify this policy. Use a name that clearly identifies this policy when assigning it to Assets.
4. Set a code name for integration purposes. If you do not set a code name, one is created automatically.
5. Add a brief description to summarize the purpose of this policy.
6. If you want to enforce an access schedule, check Enabled. If it is disabled, then any Assets that use this policy can be accessed without time restrictions.
   • Set a schedule to define when Assets under this policy can be accessed. Set the time zone you want to use for this schedule, and then add one or more schedule entries. For each entry, set the start day and time and the end day and time.
   • If, for instance, the time is set to start at 8 PM and end at 5 PM, a user can start a session using this Asset at any time during this window but may continue to work past the set end time. Attempting to re-access this Asset after 5 PM, however, results in a notification that the schedule does not permit a session to start. If necessary, the user may choose to override the schedule restriction and start the session anyway.
   • If stricter access control is required, check Force session to end when schedule does not permit access. This forces the session to disconnect at the scheduled end time. In this case, the user receives recurring notifications beginning 15 minutes prior to being disconnected.
   • Check to Require a ticket ID before a session starts.
   • For additional security, the Asset Policy can require an end-user to confirm their identity using a multi-factor authentication challenge before starting or elevating a session. Check to require this.
7. When you are finished configuring this Asset Policy, click Save.

After the Asset Policy has been created, you can apply it to Assets either from the representative console or when importing Assets from the /login interface.

Asset Groups

An Asset Group is a way to organize Assets, granting members varying levels of access to those items. Users are assigned to Asset Groups from this page or from the Users & Security > Group Policies page.

To quickly find an existing group in the list of Asset Groups, enter the name, part of the name, or a term from the comments. The list filters all groups with a name or comment containing the entered search term. The list remains filtered until the search term is removed, even if the user goes to other pages or logs out. To remove the search term, click the X to the right of the search box.

You can create or edit an Asset Group, assigning it a name, code name, and comments. The Group Policies section lists any group policies that assign users to this Asset Group.

In the Allowed Users section, you can add individual users if you prefer. Search for users to add to this Asset Group. You can set each user's Asset Role to make their permissions specific to Assets in this Asset Group, or you can use the user's default Asset Role as set on the Users & Security > Group Policies page or the Users & Security > Users page. An Asset Role is a predefined set of permissions regarding Asset management and usage.

Existing Asset Group users are shown in a table, along with their assigned role and how the role was granted. You can filter the view by entering a string in the Filter by name text box. You can also edit a user's settings or delete a user from the Asset Group.

To add groups of users to an Asset Group, go to Users & Security > Group Policies and assign that group to one or more Asset Groups.

ℹ️

Edit and delete functionality may be disabled for some users. This occurs either when a user is added via group policy or when a user's system Asset Role is set to anything other than No Access.

You can click the group policy link to modify the policy as a whole. Any changes made to the group policy apply to all members of that group policy.

You can click the user link to modify the user's system Asset role. Any changes to the user's system Asset role apply to all other Asset Groups in which the user is an unassigned member.

You also can add the individual to the group, overriding their settings as defined elsewhere.