When defining permissions for domains, Apex One automatically applies the permissions for a parent domain to all the subdomains that it manages. A subdomain cannot have lesser permissions than its parent domain. For example, if the System Administrator has permission to view and configure all Security Agents that Apex One manages (the "Apex One Server" domain), the permissions for the subdomains must allow the System Administrator access to these configuration features. Removing a permission on a subdomain would mean that the System Administrator does not have full configuration permissions for all Security Agents.
For the following procedure, the domain tree is as follows:
For example, to grant the user account "Chris" permissions to view and configure specific menu items for the subdomain "Employees" but only grant permission to view logs in the parent domain "Managers", perform the following procedure.
|
Domain |
Desired Permissions |
|---|---|
|
Apex One Server |
No special permissions |
|
Managers |
View Logs |
|
Employees |
View and configure Tasks View and configure Logs View Settings |
|
Sales |
No special permissions |
If Chris has permission to view and configure the "Managers" domain, Apex One automatically grants the same permissions to the "Employees" subdomain as well. This occurs because the "Managers" domain manages all of its subdomains.