49
Delegated Administration
270
Websense Web Security and Websense Web Filter
Additionally, Super Administrators with policy permissions can view the audit
log, and are granted access to Websense configuration and other options, as
follows:
Unconditional permissions give the Super Administrator access to all system
configuration settings for the Websense installation, such as account, Policy
Server, and Remote Filtering settings, risk class assignments, and logging
options.
Unconditional Super Administrators can create or edit the Filter Lock that
blocks certain categories and protocols for all users managed by delegated
administration roles. See Defining filtering restrictions for all roles, page 296,
for more information.
Unconditional Super Administrators can modify the Super Administrator role,
adding and deleting administrators, as needed. They also can delete delegated
administration roles or delete administrators or clients from these roles.
Conditional permissions give the Super Administrator access to database
download, directory service, user identification, and Network Agent
configuration settings. Conditional Super Administrators who also have
reporting permissions can access configuration settings for the reporting tools.
Conditional Super Administrators can add Websense user accounts, but
cannot delete them. They can create and edit delegated administration roles,
but cannot delete roles or the administrators or managed clients assigned to
them. They also cannot delete administrators from the Super Administrator
role.
Reporting permissions enable Super Administrators to access all reporting
features and report on all users. Unconditional Super Administrators are
automatically given reporting permissions.
If an administrator is granted reporting permissions only, the Create Policy,
Recategorize URL, and Unblock URL options in the Common Tasks list are
unavailable. Additionally, the Check Policy option in the Toolbox is unavailable.
Creating multiple unconditional Super Administrators ensures that if the primary
Super Administrator is not available, another administrator has access to all Websense
policy and configuration settings.
Keep in mind that 2 administrators cannot log on at the same time to manage policy
for the same role. See Multiple administrators accessing TRITON- Web Security, page
296, for information on preventing conflicts.
The unique privileges of the Super Administrator role allow administrators in the role
access to all roles. To switch to another role after logon, go to the Role drop-down list
in the banner and select a role.
After changing roles, your policy permissions are limited to those available for the
delegated administration role. Filters and policies you create are available only to
administrators in that role. They can be applied only to managed clients in that role.
See Delegated administrators, page 271.