NetScaler Developer Network

NetScaler Command Policies and RBA

NetScalers support fairly extensive RBA command policies, which have been used to create administrative partitions and to grant specific groups or users permission to administer and manage only the parts of the system they should have access to. For example, it is possible to limit one group to managing only the load balancing feature set, another group to just the rewrite feature, and so on. Even within these broad feature permissions, more granular permissions are possible: if the device hosts multiple applications, a particular group can be granted permission to manage only its own configuration objects, so that another group cannot change objects that do not serve its application and cause unexpected configuration mismatches or, in the worst case, outages.
         
The power of NetScaler command policies comes from the ability to create them using regular expressions, which are applied to the command groups, the actual commands, and even the command-level parameters that the user or group should have rights on. With this flexibility comes some complexity, and the need to understand and manage regex policies. To simplify the user experience and provide all the power and flexibility without any increase in complexity, the GUI engineering team has developed a new command policy wizard, which is available from OS version 9.1 onwards. The wizard makes the complex task of creating command policies a lot more intuitive, and provides a parser that is easy to understand and makes the policies a lot more manageable. As an added usability element, the wizard also lets the administrator creating the policies test them, and check whether they permit and block the right set of configuration commands for the users or groups to whom they will eventually be bound.
             
The attached screen capture shows the RBA wizard being used to create a command policy that allows management of an LB vserver that has the string "SAP" somewhere within the entity name, and additionally provides the ability to manage the rewrite configuration. The policy is further limited, even within these feature sets, as it doesn't allow deletion of the LB vservers created, or of the rewrite policies and actions.
     
Click here to view the video
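
The kind of check the wizard's test step performs can also be done offline before a policy is bound. The following is an added example, not Citrix code and not the wizard's own logic: it evaluates candidate command specs for the "SAP" scenario above against constructed commands. It assumes that Python's `re` is a close enough stand-in for the NetScaler regex engine, and that policies are evaluated lowest priority number first, first match wins, with no match meaning deny; the policy specs, object names and test commands are all constructed for illustration.

```python
import re

# Constructed policy set for the scenario above: (priority, action, cmdspec).
# Assumed model: lowest priority number first, first match wins, no match = DENY.
POLICIES = [
    (10, "DENY", r"^rm\s+(lb\s+vserver|rewrite\s+(policy|action))\b"),
    (20, "ALLOW",
     r"^(add|set|unset|show|stat|bind|unbind)\s+lb\s+vserver\s+\S*SAP\S*(\s|$)"),
    (30, "ALLOW",
     r"^(add|set|unset|show|bind|unbind)\s+rewrite\s+(policy|action)\b"),
]

# A looser, unanchored spec that looks equivalent at first glance.
LOOSE = [(10, "ALLOW", r"lb\s+vserver.*SAP")]

# Constructed commands paired with the outcome the scenario intends.
EXPECTED = {
    "add lb vserver SAP_portal HTTP 10.0.0.10 80": "ALLOW",
    "set lb vserver web_SAP_eu -lbMethod ROUNDROBIN": "ALLOW",
    "rm lb vserver SAP_portal": "DENY",               # deletion is not delegated
    "set lb vserver HR_portal -comment SAP": "DENY",  # "SAP" is not in the name
    "add rewrite policy pol_hdr true act_hdr": "ALLOW",
    "rm rewrite policy pol_hdr": "DENY",
    "add system user newadmin pw": "DENY",            # outside the delegated scope
}

def evaluate(command, policies):
    """Return the action of the first matching policy in priority order."""
    for _prio, action, spec in sorted(policies):
        if re.search(spec, command):
            return action
    return "DENY"

def audit(policies):
    """Return {command: (expected, actual)} for each command decided wrongly."""
    results = {c: (want, evaluate(c, policies)) for c, want in EXPECTED.items()}
    return {c: r for c, r in results.items() if r[0] != r[1]}

if __name__ == "__main__":
    for name, pol in (("tight", POLICIES), ("loose", LOOSE)):
        print(name, audit(pol) or "all commands match intent")
```

The loose spec fails in both directions: it permits `rm` and matches "SAP" in any parameter of another application's vserver, while the rewrite commands stay blocked because no spec covers them.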
