Setting user permissions for a specific endpoint
This topic explains how to edit user permissions for a specific endpoint, add and remove users or groups, disable or enable inheritance, restore inherited permissions if they were overridden, and view effective permissions for a user.
To do this:
- In the Manage Endpoint Connections (<server-display-name>) dialog, click the Endpoint Permissions toolbar button.
  The User permissions for endpoint '<Display-Name>' dialog opens.
- See the sections below for the procedures you can perform in the User permissions for endpoint '<Display-Name>' dialog.
To add a user or group:
- In the User permissions for endpoint '<Display-Name>' dialog, click Add.
- In the Add User/Group dialog box, select User or Group.
- Enter the name for the new user or group in the following format:
  - NetBIOS_name\user (for example: qa\qa)
  - machine_name/local_user (for example: re2008r2js1\JohnMil1)
  - username
    This format is supported with SAML authentication only. The user/group name can contain any Unicode character up to 255 characters and must be a valid Identity Provider user (Okta or Microsoft Azure).
- Click OK to add the user or group and close the dialog box.
- Click OK to accept the changes, or Cancel to undo them.
To remove a user or group:
- In the User permissions for endpoint '<Display-Name>' dialog, select the user or group you want to remove.
- Click Remove.
- When prompted, click Yes to confirm.
- Click OK to accept the changes, or Cancel to undo them.
To edit a user's permissions:
- In the User permissions for endpoint '<Display-Name>' dialog, adjust the permission slider for a user or group as desired.
  Information note: Adjusting the slider stops inheritance from the parent object.
- Click OK to accept the changes or Cancel to undo them.
The following table summarizes the roles required for adding and editing the endpoint.
Operation | Viewer | Operator | Designer | Admin |
---|---|---|---|---|
Add and edit endpoint | No | No | Yes | Yes |
View endpoint settings | Partial. Viewers can only see the Name, Description, Role, and Type fields. | Yes | Yes | Yes |
By default, inheritance is enabled for all objects (users and groups). This means that permissions are automatically carried over from the parent object. You can turn inheritance on or off for all objects at the current level.
To turn off inheritance:
- In the User permissions for endpoint '<Display-Name>' dialog, click Disable Inheritance.
  Information note: This option disconnects the entire authorization level from the parent level.
- In the Disable Inheritance dialog box, select whether you want to:
  - Convert inherited permissions on this object into explicit permissions: This option changes inherited permissions to explicit permissions. Any new users or groups will not inherit permissions from the parent.
  - Remove all inherited permissions from this object: This option removes all existing permissions inherited from the parent level. Any new users or groups will not inherit permissions from the parent.
- Click Disable.
  If you chose to convert inherited permissions, the check mark in the Inherited column changes into an X. If you chose to remove inherited permissions, all users and groups disappear from the list.
- Click OK to accept the changes or Cancel to undo them.
To turn on inheritance:
- In the User permissions for endpoint '<Display-Name>' dialog, click Enable Inheritance.
  Information note: This option enables inheritance for all users and groups on this level.
- In the Enable Inheritance dialog box, select whether you want to:
  - Inherit all permissions from parent and override any definition manually made at this level: This option reinstates inherited permissions for all users and groups that are already defined, and new users and groups will inherit their permissions from the parent level.
  - Inherit all permissions from parent but keep definitions manually made at this level: This option preserves the permissions already defined for the existing users and groups and adds all permissions from the parent level. New users and groups will inherit permissions from the parent level.
- Click Enable.
- Click Save or OK to accept the changes, or Discard Changes or Cancel to undo them.
To restore inherited permissions for a single user or group if they were overridden:
- In the User permissions for endpoint '<Display-Name>' dialog, select the user or group.
- Click Restore Inheritance.
  The check mark returns to the Inherited column to indicate that permissions for this user or group are inherited from the parent.
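The inheritance options described above can be checked against a small Python model, added here as an illustration; it is not Enterprise Manager code or its API. The `Level` class, its method names and the `qa\...` principals are assumptions. It shows that once inherited permissions are converted to explicit ones, a later revocation or addition at the parent level no longer reaches the endpoint.

```python
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple

@dataclass
class Level:
    """One authorization level (for example an endpoint) under an optional parent."""
    parent: Optional["Level"] = None
    inherit: bool = True  # inheritance is enabled by default
    explicit: Dict[str, str] = field(default_factory=dict)  # principal -> role set here

    def acl(self) -> Dict[str, Tuple[str, bool]]:
        """Rows as the dialog lists them: principal -> (role, shown as inherited)."""
        rows: Dict[str, Tuple[str, bool]] = {}
        if self.inherit and self.parent is not None:
            rows = {p: (role, True) for p, (role, _) in self.parent.acl().items()}
        rows.update({p: (role, False) for p, role in self.explicit.items()})
        return rows

    def set_role(self, principal: str, role: str) -> None:
        # Moving the slider stops inheritance for this user or group.
        self.explicit[principal] = role

    def disable_inheritance(self, convert: bool) -> None:
        if convert:  # inherited rows become explicit rows (check mark turns into an X)
            self.explicit = {p: role for p, (role, _) in self.acl().items()}
        # convert=False: inherited rows are dropped; keeping rows already set
        # explicitly at this level is an assumption of this model.
        self.inherit = False

    def enable_inheritance(self, override: bool) -> None:
        if override:  # parent wins: manual definitions at this level are discarded
            self.explicit.clear()
        self.inherit = True  # otherwise manual definitions are kept, parent rows added

    def restore_inheritance(self, principal: str) -> None:
        self.explicit.pop(principal, None)  # row is inherited from the parent again

def demo() -> Dict[str, Dict[str, Tuple[str, bool]]]:
    """Constructed scenario; the principals are made up."""
    server = Level(explicit={"qa\\ops": "Operator", "qa\\dev": "Designer"})
    endpoint = Level(parent=server)
    endpoint.disable_inheritance(convert=True)
    del server.explicit["qa\\dev"]            # revoked at the parent level...
    server.explicit["qa\\audit"] = "Viewer"   # ...and a new group added there
    frozen = endpoint.acl()                   # neither change reaches the endpoint
    endpoint.set_role("qa\\ops", "Admin")
    endpoint.enable_inheritance(override=False)
    kept = endpoint.acl()
    endpoint.enable_inheritance(override=True)
    return {"frozen": frozen, "kept": kept, "overridden": endpoint.acl()}
```

In the `kept` result, `qa\dev` still holds Designer on the endpoint although it was removed at the parent, which is the case to look for when reviewing endpoints where inheritance was disabled and later re-enabled with manual definitions kept.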
To view effective permissions for a user:
- In the User permissions for endpoint '<Display-Name>' dialog, do one of the following:
  - Select a user in the list on the left.
  - If a user does not appear in the list but exists in the system and is part of a group, enter the user name in the text field in the Effective Permissions pane on the right.
    Make sure to use the following format:
    - NetBIOS_name\user (for example: qa\qa)
    - machine_name/local_user (for example: re2008r2js1\JohnMil1)
- Click Get Effective Permissions.
  The effective permissions for the user you entered appear below the button.
For more information on Enterprise Manager’s security roles, see User permissions. For more information on the underlying concepts, see Granular access control and Inheritance and overrides.