Delegated administration
Delegated Administration allows administrators to assign one or more pre-defined roles to non-administrator users or groups. With delegated roles, non-administrator users can help manage system resources and perform routine tasks, such as updating apps, monitoring CPU usage, and backing up important data. This reduces the workload of system administrators and provides better flexibility and efficiency for your organization.
Delegated roles and permission restrictions
Overview
Administrators assign one or more delegated roles to up to 32 local/domains users and 32 local/domain groups. Users have the privileges of the delegated roles that are assigned to them and their groups.
Users can see their assigned roles by hovering over their user name on the Desktop task bar.
Users with delegated roles can only access settings associated with their roles. For example, users assigned the Application Management and System Monitoring roles can only access App Center, Resource Monitor, and Desktop Dashboard, but have no access to other system settings.
To ensure system security and functionality, non-administrators with delegated roles have the following general restrictions.
-
Unable to manage the "administrators" group or its members
-
Unable to change their own account settings
-
Can only grant or change permissions that are within the scope of their own privileges.
-
For example, if a delegated users has read-only access to a shared folder, this user can only grant other users read-only permissions or deny them access to this shared folder.
-
-
May only have limited or no access to certain sensitive settings or functions when performing administrative tasks or when using applications and services, even with associated roles
Delegated Roles
For details on each delegated role and their respective restrictions, see the following table.
Delegated Role |
Permissions |
Restrictions |
---|---|---|
System Management |
This role has the permissions of all delegated roles. This role also has permission to use the following applications or services: QuLog Center, Notification Center, Network & Virtual Switch, Security Counselor, License Center, QuFTP Service, Malware Remover, Multimedia Console, Control Panel, Storage & Snapshots, and iSCSI & Fibre Channel. |
Unable to access the following settings in Control Panel: Delegated Administration, System Restore, Telnet/SSH, and Recycle Bin |
Application Management |
This role has permission to manage apps in the App Center. |
|
Access Management |
This role has permission to configure security settings in Control Panel and to use QuFirewall. |
- |
System Monitoring |
This role has permission to monitor the system in Resource Monitor and Desktop Dashboard. |
- |
User and Group Management |
This role has permission to create, edit, and delete local users and groups. This role can also edit domain users and groups. |
|
Shared Folder Management |
This role has permission to create, edit, and delete shared folders. |
|
Backup Management |
This role has permission to use Hybrid Backup Sync and Hyper Data Protector. In addition, this role also has the permissions of the Shared Folder Management role. |
- |
Backup Operation |
This role has permission to help administrators monitor, manage, and execute backup tasks in Hybrid Backup Sync and Hyper Data Protector but cannot overwrite or delete existing backup data. In addition, this role also has the permissions of the Shared Folder Management role. |
- |
Assigning delegated roles to users
Administrators can assign one or more delegated roles to non-administrator users and groups.
Assigning the System Management role grants the permissions of all other roles.
Removing delegated roles from users
Administrators can remove delegated roles from non-administrator users to withdraw their permissions. You can remove only one or more delegated roles.
Given that System Management role covers all other delegated roles, QuTS hero does not allow you to remove a smaller role from a user who has been assigned the System Management role. You should first remove the System Management role from this user and then adjust role assignment according to your needs.
Viewing user permissions
Permission Viewer displays a summary of current role assignments in Delegated Administration, allowing you to quickly understand which permissions have been granted to non-administrators.
If no delegated role has been assigned, Permission Viewer displays an empty list.
Exporting a delegation list
You can back up your settings by exporting the current delegation settings in CSV format.
In the exported CSV file, each row represents a user or group, and each column represents a delegated role. You can check the intersection of each row and column to understand each permission status. 1 indicates that the delegated role is assigned, and 0 indicates the delegated role is not assigned.
- Log in to QuTS hero as administrator.
- Go to .
- Click Permission Viewer.
- Click Export.
QuTS hero exports and downloads a CSV file to your computer. You can import this CSV file later to restore your settings.
Importing a delegation list
You can restore previous delegation settings by importing a valid CSV file.
In a valid CSV file, each row represents a user or group, and each column represents a delegated role. You can check the intersection of each row and column to understand each permission status. 1 indicates that the delegated role is assigned, and 0 indicates the delegated role is not assigned.
- Log in to QuTS hero as administrator.
- Go to .
- Click Permission Viewer.
- Click Import.
- Click Browse.
- Select a CSV file to import.
- Click Import.
QuTS hero imports delegation settings from the selected CVS file and apply settings. If you do not see the new delegation settings, restart Control Panel and then check again.