To simplify the administration of granting permissions to users, Forefront TMG provides administrative roles for enterprise and array administrators. A role defines a collection of rights, which authorize users and groups to perform specific actions. When you assign a role to a user or group, Forefront TMG configures the corresponding objects to grant the permissions needed to perform the actions allowed by the role, to the user or group. For more information about Forefront TMG administrative roles, see About Forefront TMG roles and permissions.
The following procedures describe how to assign administrative roles for enterprise administrators and array administrators.
To assign administrative
roles for enterprise administrators
-
In the Forefront TMG Management console, in the tree, click the Enterprise node.
-
On the Tasks tab, click Assign Administrative Roles.
-
On the Assign Roles tab, click the upper Add button. Then, do the following:
- In Group or User, enter the name of the group or user
that will be allowed to access information stored in the local
instance of Active Directory Lightweight Directory Services
(AD LDS), and monitor arrays in the domain.
- In Role, select one of the following:
- Forefront TMG Enterprise
Administrator—Authorizes the specified group or user to perform
all administrative tasks in the enterprise and arrays in the
domain.
- Forefront TMG Enterprise
Auditor—Authorizes the specified group or user to perform
monitoring tasks, and to view enterprise and array
configuration.
- In Group or User, enter the name of the group or user
that will be allowed to access information stored in the local
instance of Active Directory Lightweight Directory Services
(AD LDS), and monitor arrays in the domain.
-
When you have finished, click OK.
-
In the details pane, click the Apply button, and then click OK.
To assign administrative
roles for array administrators
-
In the Forefront TMG Management console, in the tree, click the Forefront TMG node.
-
On the Tasks tab, click Assign Administrative Roles.
-
On the Assign Roles tab, click the upper Add button. Then, do the following:
- In Group or User, enter the name of the group or user
that will be allowed to access information stored in the local
instance of AD LDS.
- In Role, select one of the following:
- Forefront TMG Array
Administrator—Authorizes the specified group or user to perform
all administrative tasks in the array.
- Forefront TMG Array Auditor—Authorizes
the specified group or user to perform all monitoring tasks, and to
view the array configuration.
- Forefront TMG Array Monitoring
Auditor—Authorizes the specified group or user to perform
specific monitoring tasks.
- In Group or User, enter the name of the group or user
that will be allowed to access information stored in the local
instance of AD LDS.
-
When you are finished, click OK.
-
In the details pane, click the Apply button, and then click OK.
Copyright © 2009 by Microsoft Corporation. All rights reserved.