Citrix Gateway

Configuring Command Policies for Delegated Administrators

Citrix Gateway has four built-in command policies that you can use for delegated administration:

  • Read-only allows read-only access to show all commands except for the system command group and ns.conf show commands.
  • Operator allows read-only access and also allows access to enable and disable commands on services. This policy also allows access to set services and servers as “access down.”
  • Network permits almost complete system access, excluding system commands and the shell command.
  • Superuser grants full system privileges, such as the privileges granted to the default administrator, nsroot.

Command policies contain built-in expressions. Use the configuration utility to create system users, system groups, command policies, and to define permissions.

To create an administrative user on Citrix Gateway

  1. In the configuration utility, in the navigation pane, on the Configuration tab, expand System > User Administration and then click System Users.
  2. In the details pane, click Add.
  3. In User Name, type a user name.
  4. In the Password and Confirm Password fields, type the password.
  5. To add users to a group, in Member of, click Add.
  6. In Available, select a group and then click the right arrow.
  7. Click Command Policies > Action > Insert.
  8. In the Insert Command Policies dialog box, select the command, click OK > Create > Close.

Creating Administrative Groups

Administrative groups contain users who have administrative privileges on Citrix Gateway. You can create administrative groups in the configuration utility.

To configure an administrative group by using the configuration utility

  1. In the configuration utility, in the navigation pane, on the Configuration tab, expand System > User Administration and then click System Groups.
  2. In the details pane, click Add.
  3. In Group Name, type a name for the group.
  4. To add an existing user to the group, in Members, click Add.
  5. Under Available, select a user and then click the right arrow.
  6. Under Command Policies, in Action, click Insert, select a policy or policies, click OK, click Create and then click Close.
Configuring Command Policies for Delegated Administrators