Administrative roles
You can use role-based administration to organize your ISA Server administrators into separate, predefined roles, each with its own set of tasks. When you assign a role to a user, you essentially allow that user permissions to perform specific tasks. A user that has one role, such as ISA Server Full Administrator, can perform specific ISA Server tasks that a user with another role, such as ISA Server Basic Monitoring, cannot perform. Role-based administration involves Windows users and groups. These security permissions, group memberships, and user rights are used to distinguish which users have which roles. The following table describes the ISA Server roles.
| Role | Description |
|---|---|
| ISA Server Basic Monitoring | Users and groups assigned this role can monitor the ISA Server computer and network activity, but cannot configure specific monitoring functionality. |
| ISA Server Extended Monitoring | Users and groups assigned this role can perform all monitoring tasks, including log configuration, alert definition configuration, and all monitoring functions available to the ISA Server Basic Monitoring role. |
| ISA Server Full Administrator | Users and groups assigned this role can perform any ISA Server task, including rule configuration, applying of network templates, and monitoring. |
Roles and activities
Each ISA Server role has a specific list of ISA Server tasks associated with it. The following table lists some ISA Server administration tasks along with the roles in which they are performed.
| Activity | ISA Server Basic Monitoring | ISA Server Extended Monitoring | ISA Server Full Administrator |
|---|---|---|---|
| View Dashboard, alerts, connectivity, sessions, services | X | X | X |
| Acknowledge alerts | X | X | X |
| View log information | X | X | |
| Create alert definitions | X | X | |
| Create reports | X | X | |
| Stop and start sessions and services | X | X | |
| View firewall policy | X | X | |
| Configure firewall policy | X | ||
| Configure cache | X | ||
| Configure VPN | X |
For instructions about assigning roles, see Assign administrative roles.
