Our customers have spoken and we’ve been listening. In the newest release of System Frontier, we’ve added features to enable better self-service for delegated administrators, an updated dashboard and many bug fixes and improvements.
NOTE: The behavior of the ReadCustomTool permission has changed. Any user in a Role with this permission will now have read-only access to all Custom Tools, including the source code. Please review your permission structure to ensure only the proper Role(s) have this permission.
For large organizations and enterprises, you will typically have operational teams spread across departments, divisions or business units. Whatever your organizational structure, you can now give teams in those areas the ability to manage themselves to a great degree. This takes the burden off one single person or team to manage your entire System Frontier deployment.
For example, let’s say you have a division called “Division X”. They need the ability create their own Containers, Custom Tools and setup new users in Roles that make sense for their division. As an SF administrator for the enterprise, you need to ensure their management scope is limited to their division and reduce the chance for any privilege escalation. You have some new permissions and capabilities to make this a reality. At a high level you could do the following:
- Create a Container that has all the servers for Division X called Division X Servers.
- Create a Role called Division X Admins and set its root Container to Division X Servers.
- Grant the CreateContainer, CreateRole and WriteCustomTool permissions to the Division X Admins role, as well as any other permissions needed. Be sure to scope the permissions to their root Container.
Now members of the Division X Admins role can create their own Containers as they see fit, but all the computer objects will be forced to come from their root Container. They can also create their own Roles, add users and groups to those roles and delegate permissions accordingly. They will only be able to delegate permissions that they have already been given and can only scope those permissions to Containers they have rights to.
They can also create Custom Tools and delegate permissions to any other Roles to safely run those tools. TIP: Encouraging everyone in your organization who is doing any kind of scripting or automation to move their scripts and command-line tools off their desktops and into System Frontier is a great way to collaborate, remove bottlenecks and increase collective productivity. It helps make your environment more secure by giving other teams the ability to run those scripts under the proper credentials but without them needing admin rights or direct access to the script code. You also get the benefit of having a web GUI automatically built for you as well as centralized logging of all script output.
Take a look at the changelog for more information. You can download the latest version from your account page. Don’t have an account? Sign up for a free 30-day trial today.