Skip to main content
Skip table of contents

Access Control

Access control entries define the security configuration for a given tree node – account, printer, print queue, server, or service. Each entry consists of the security role and a user or group to which this role is granted when accessing this particular tree node. For example, if an access control entry with user admin and role Administrators exists, it means that user admin has full administrative permissions on that tree node.

Default settings

Access controls are inherited by default so that all sub-elements of the tree acquire the same configuration. Inherited access controls are greyed out and cannot be modified or deleted. You can override inherited access controls in the child nodes or add more entries for users from sub-accounts.

The following screenshot shows how the access control list is displayed on the Customer 1 node for the user from acme vendor:

Which access controls are displayed depends on the user viewing the current node. Given the following hierarchy:

The top-level administrator of the acme vendor can see all access control definitions for all the nodes. The users who are logged in for Reseller East account will not be able to see, change, or override access control definitions inherited from the parent acme node. The users from Customer 1 account will only see and be able to manage access controls defined in that account:

Changing default inheritance of access controls for child nodes

Be careful when changing the default inheritance for the access controls. Make sure you understand the effects of this action beforehand.

You can restore the default inherited access controls on customer account child nodes by clicking Reset Child Nodes.

To see this button in Access Control, you must have the PropagateAccessControl permission.

Reset Child Nodes

Reset Child Nodes action will remove overridden access controls from child nodes.

Following up on the example above, in the New port 1 node, click Reset Child Nodes and confirm the action. You will then see that the access controls originating in the Customer 1 node are now inherited, as per default:

Assigning access controls to providers with OpenID Connect (OIDC)

  1. If the authentication provider you want to assign security roles to is configured to use OIDC authentication, you can search for users and groups locally, or you can enable Search in external identity management to search in external identity providers.

    Search in external identity management toggle is shown only for providers with only OIDC configuration. 

  2. Click Search.

  3. Confirm your action by clicking OK

  4. Log in with a user account that has the necessary privileges to fetch all users and groups.
  5. After successful authentication, close the browser tab, and click Search again to complete the access control mapping.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.