Previously, pool licenses could be managed only on a global level in a Control Center. As of firmware release 9.0.1, pool licenses can be configured so that administrators are allowed to handle them on a range/cluster level.
Before You Begin
Ensure you have read the following articles:
These two articles explain all the necessary steps for a correct configuration.
This article explains the logic of how a matching between an administrative scope and a list of possible ranges/clusters can be achieved so that a CC administrator with a limited scope is allowed to administer certain pool licenses. It also assumes that there are already pool licenses present in your Control Center and that you have already configured administrators on your Control Center that you can manage at CONFIGURATION > ADMINS.
How Certain Control Center Administrators with a Limited Scope Are Allowed to Administer Pool Licenses
The Control Center is designed to be managed by an administrator with global permissions. However, as the configuration tree grows with larger and larger environments, maintenance tasks also become increasingly challenging, thus requiring the tasks to be distributed among additional administrators. These administrators must be configured in the Control Center at ADMINS. In the corresponding configuration view, you can also set the scope of the administrator's role in terms of a specific range and cluster.
The list of administrators can be viewed in the Control Center at ADMINS:
To keep the configuration manageable, the Control Center allows you to arrange the configuration tree for the managed appliances into subordinated segments, where each segment represents a range, which, in turn, can be segmented into clusters that ultimately contain the configurations for the managed boxes.
As a result, the permission to manage specific pool licenses with a limited scope depends on matching the administrator's scope to an identical set of values that the global administrator can configure. The Control Center extracts these values from the range/cluster structure of the configuration tree:
Relevant Nodes in the CC Configuration Tree | Matching Filter Extracted from Range/Cluster Structure of the Configuration Tree |
|---|---|
|
|
Example: The table above on the right shows the list that contains all valid filters for selecting which pool licenses may be managed by a specific administrator at CONFIGURATION > Configuration Tree > Multi Range > Global Settings > Pool Licenses:
A valid configuration in the Control Center could look like this:
| List of Pool Licenses | List of CC Admins |
|---|---|
|
|
If a range-/cluster-related entry in the pop-up menu list matches any value of the column in the list of Control Center Admins, the associated administrator will be allowed to manage the related pool licenses.
As a result, the following administrators will be allowed to manage pool licenses for the following ranges/clusters. Note that an administrator is generally allowed to administer all ranges/clusters unless such permissions have been explicitly restricted, e.g., with a configuration level of 99, which refers to "read-only":
| Administrator | Pool License | Associative Range/Cluster |
|---|---|---|
| Global | Base | Range 3 / Cluster1 |
| Global, r2c3admin | Advanced Threat Protection | Range 2 / Cluster3 |
| Global | Energize Updates | Range 1 / Cluster83 |
| c1admin, glinked1, ladmin1, ladmin2, rlinked, rlinked1 | Base | Range 1 / Cluster1 |
| c2admin, rlinked | Energize Updates | Range 1 / Cluster2 |