Watchdoc - Rights - Manage administration rights for a group of queues
Principle
When you have a large fleet of print devices, it can be useful to manage the administration rights for groups of queues, so that operators at one site only have access to the group of queues they need to manage, without being interfered with by the queues of other groups.
For example, if you have a fleet of print devices divided between Site A and Site B, managing rights to groups of queues means that operators at Site A do not have access to the management of queues at Site B (and vice versa). That facilitates the day-to-day management of the queues for which they are responsible.
This configuration requires the configuration of roles, queue groups, administration rights and security profiles in Watchdoc.
Prerequisites
To configure these rights, it is ideal to have separate user groups created in the directory (‘Operators_Site_A’ and ‘Operators_Site_B’, for example). In this way, it is not necessary to change the role in Watchdoc when members join or leave the group.
If these groups do not exist in the directory, the users authorised to manage the queue groups can nevertheless be added by name in Watchdoc.
Procedure
Enable the use of Security Profiles
To enable Security Profiles to restrict rights on file groups:
-
from the Main Menu, Configuration section, click Advanced Configuration;
-
in the Advanced Configuration interface, click System Configuration;
-
in the Security section, thick the Use Security Profiles button to restrict administration rights by print queue groupbox:
-
Validate the System Configuration.
Create new roles
To distinguish between operators authorised to manage Site_A queues and operators authorised to manage Site_B queues, separate roles need to be created. To create roles:
-
from the Main Menu, Management section, click on Roles & Services :
-
in the Roles & Services list, click on the Create a new role button
:
-
in the Create a role interface, configure the role by giving it at least one Name (Ope_Site_A in the example);
-
in the Members section, select the directory group authorised to manage the first site. If there is no group, select the users authorised to manage the first site (you can also associate groups and users);
-
validate
the creation of the first role:
-
repeat the operation to create as many roles as you need (2, in our example).
Create queue groups and associate queues with them
To create groups of queues (see Creating a group of queues for more details) :
-
from the Main Menu, Production section, click Printing Queues, Locations, Queue Groups & Pools ;
-
click on the Queue Groups tab ;
-
click on the Create a new queue group button;
-
configure the group by specifying (among other parameters) the name of the group ;
-
return to the print queue configuration interface (Main menu, Production section, Printing Queues, Locations, Queue Groups & Pools, Print Queues tab);
-
in the list of queues, for each queue to be included in the group, click on the button
to edit the queue properties;
-
in the General Information section, select the queue Group to which the queue belongs:
-
validate the configuration of the queue;
-
repeat the operation for all the queues belonging to the group.
èOnce the queue group has been configured, apply administrative rights to it.
Apply administrative rights to a queue group
To apply administrative rights to a group :
-
from the Main Menu, Production section, click Printing queues, locations, queue groups & pools;
-
click on the Queue Groups tab;
-
In the list of groups, click on the name of the file group you want to configure;
-
In the group configuration interface, click on the Policy tab:
-
in the Policy interface, click on the Admin authorisation button:
-
in the Device admin rights section, edit the Group rights by clicking on the
button:
-
in the interface Group ACLs, tick the Use the custom rights defined below radio button:
-
in the Conditions column, select the group of users authorised to manage the queue group;
-
then configure the rights granted to the group of users for the group of queues concerned, granting at least administrative rights (admin);
-
save the specific rights once they have been configured:
è To check the configuration, ask a member of an operator group to authenticate himself on the administration site. In the list of queue groups, they will only see the queue group they are authorised to manage (or the queues in the list of print queues):