User Management
611
SonicOS Enhanced 4.0 Administrator Guide
• “User Groups” section on page 612
• “Priority for Preempting Administrators” section on page 612
• “GMS and Multiple Administrator Support” section on page 613
Configuration Modes
In order to allow multiple concurrent administrators, while also preventing potential conflicts
caused by multiple administrators making configuration changes at the same time, the following
configuration modes have been defined:
• Configuration mode - Administrator has full privileges to edit the configuration. If no
administrator is already logged into the appliance, this is the default behavior for
administrators with full and limited administrator privileges (but not read-only
administrators).
Note Administrators with full configuration privilege can also log in using the Command Line
Interface (CLI).
• Read-only mode - Administrator cannot make any changes to the configuration, but can
view the browse the entire management UI and perform monitoring actions.
Only administrators that are members of the SonicWALL Read-Only Admins user group
are given read-only access, and it is the only configuration mode they can access.
• Non-configuration mode - Administrator can view the same information as members of
the read-only group and they can also initiate management actions that do not have the
potential to cause configuration conflicts.
Only administrators that are members of the SonicWALL Administrators user group can
access non-configuration mode. This mode can be entered when another administrator is
already in configuration mode and the new administrator chooses not to preempt the
existing administrator. By default, when an administrator is preempted out of configuration
mode, he or she is converted to non-configuration mode. On the System > Administration
page, this behavior can be modified so that the original administrator is logged out.
The following table provides a summary of the access rights available to the configuration
modes. Access rights for limited administrators are included also, but note that this table does
not include all functions available to limited administrators.
Function
Full admin
in config mode
Full admin in
non-config mode
Read-only
administrator
Limited
administrator
Import certificates X
Generate certificate
signing requests
X
Export certificates X
Export appliance
settings
XX X
Download TSR X X X
Use other diagnostics X X X
Configure network X X
Flush ARP cache X X X
Setup DHCP Server X