Setting user permissions for a specific endpoint

This topic explains how to edit user permissions for a specific endpoint, add and remove users or groups, disable or enable inheritance, restore inherited permissions if they were overridden, and view effective permissions for a user.

To do this:

In the Manage Endpoint Connections (<server-display-name>) dialog, click the Endpoint Permissions toolbar button.

The User permissions for endpoint '<Display-Name>' dialog opens.
See the sections below for the procedures you can perform in the User permissions for endpoint '<Display-Name>' dialog.

To add a user or group:

In the User permissions for endpoint '<Display-Name>' dialog, click Add.
In the Add User/Group dialog box, select User or Group.
Enter the name for the new user or group in the following format:
- NetBIOS_name\user (for example: qa\qa)
- machine_name/local_user (for example: re2008r2js1\JohnMil1)
- username - This format is supported with SAML authentication only. The user/group name can contain any Unicode character up to 255 characters and must be a valid Identity Provider user (Okta or Microsoft Azure).
Click OK to add the user or group and close the dialog box.
Click OK to accept the changes, or Cancel to undo them.

To remove a user or group:

In the User permissions for endpoint '<Display-Name>' dialog, select the user or group you want to remove.
Click Remove.
When prompted, click Yes to confirm.
Click OK to accept the changes, or Cancel to undo them.

Only an Admin can edit user permissions.

To edit a user's permissions:

In the User permissions for endpoint '<Display-Name>', adjust the permission slider for a user or group as desired.

Information note
Adjusting the slider stops inheritance from the parent object.
Click OK to accept the changes or Cancel to undo them.

The following table summarizes the roles required for adding and editing the endpoint.

Endpoint operation roles
Operation	Viewer	Operator	Designer	Admin
Add and edit endpoint	No	No	Yes	Yes
View endpoint settings	Partial. Viewers can only see the Name, Description, Role, and Type fields.	Yes	Yes	Yes

By default, inheritance is enabled for all objects (users and groups). This means that permissions are automatically carried over from the parent object. You can turn inheritance on or off for all objects at the current level.

To turn off inheritance:

In the User permissions for endpoint '<Display-Name>' dialog, click Disable Inheritance.

Information note
This option disconnects the entire authorization level from the parent level.
In the Disable Inheritance dialog box, select whether you want to:
- Convert inherited permissions on this object into explicit permissions: This option changes inherited permissions to explicit permissions. Any new users or groups will not inherit permissions from the parent.
- Remove all inherited permissions from this object: This option removes all existing permissions inherited from the parent level. Any new users or groups will not inherit permissions from the parent.
Click Disable.

If you chose to convert inherited permissions, the check mark in the Inherited column changes into an X. If you chose to remove inherited, all users and groups disappear from the list.
Click OK to accept the changes or Cancel to undo them.

To turn on inheritance:

In the User permissions for endpoint '<Display-Name>' dialog, click Enable Inheritance.

Information note
This option enables inheritance for all users and groups on this level.
In the Enable Inheritance dialog box, select whether you want to:
- Inherit all permissions from parent and override any definition manually made at this level: This option reinstates inherited permissions for all users and groups that are already defined, and new users and groups will inherit their permissions from the parent level.
- Inherit all permissions from parent but keep definitions manually made at this level: This option preserves the permissions already defined for the existing users and groups and adds all permissions from the parent level. New users and groups will inherit permissions from the parent level.
Click Enable.
Click Save or OK to accept the changes, or Discard Changes or Cancel to undo them.

To restore inherited permissions for a single user or group if they were overridden:

In the User permissions for endpoint '<Display-Name>' dialog, select the user or group.
Click Restore Inheritance.

The check mark returns to the Inherited column to indicate that permissions for this user or group are inherited from the parent.

To view effective permissions for a user:

In the User permissions for endpoint '<Display-Name>' dialog, do one of the following:
- Select a user in the list on the left.
- If a user does not appear in the list but exists in the system and is part of a group, enter the user name in the text field in the Effective Permissions pane on the right.
  
  Make sure to use the following format:
  - NetBIOS_name\user (for example: qa\qa)
  - machine_name/local_user (for example: re2008r2js1\JohnMil1)
Click Get Effective Permissions.

The effective permissions for the user you entered appear below the button.

For more information on Enterprise Manager’s security roles, see User permissions. For more information on the underlying concepts, see Granular access control and Inheritance and overrides.

Did this page help you?

If you find any issues with this page or its content – a typo, a missing step, or a technical error – let us know how we can improve!

Leave your feedback here