Scenario: A Citrix Administrator would like to grant access to a Junior Administrator on the NetScaler. The administrator would like to grant full access to everything except the following:
• Shell Access
• User Configuration access
• Partition Configuration access
Which pre-existing command policy would meet the needs of the scenario?
A. Superuser
B. Network
C. Operator
D. Sysadmin
Only D is correct.
Administrative access can be delegated using built-in Command Policies:
• Superuser – full access
• Sysadmin – full access except shell, user configs, and partition configs
• Network – full access except set/unset SSL and configurations
• Operator – read-only except enable/disable server/services
• Read-only – read-only to show commands except configurations
D
D is correct, the junior administrator needs full access EXCEPT the shell, user and admin partitions.
superuser = nsroot (FULL ACCESS)
sysadmin = A sysadmin is lower than a superuser is terms of access allowed on the appliance. A sysadmin user can perform all NetScaler operations with the following exceptions: no access to the NetScaler shell, cannot perform user configurations, cannot perform partition configurations, and some other configurations as stated in the sysadmin command policy.
Therefore, Jaydee is completely wrong. Answer D is right.
Right answer is D
[Included in NetScaler 12.0 and later] A sysadmin is lower than a superuser is terms of access allowed on the appliance. A sysadmin user can perform all NetScaler operations with the following exceptions: no access to the NetScaler shell, cannot perform user configurations, cannot perform partition configurations, and some other configurations as stated in the sysadmin command policy.
ref > https://docs.citrix.com/en-us/netscaler/12/system/ns-ag-aa-intro-wrapper-con/ns-ag-aa-config-users-and-grps-tsk.html
Answer A is correct:
Only the superuser (same rights as nsroot) can edit partition and user configurations.
https://docs.citrix.com/en-us/netscaler/12/system/ns-ag-aa-intro-wrapper-con/ns-ag-aa-config-users-and-grps-tsk.html
Answer: D
Answer A is correct:
Only the superuser (same rights as nsroot) can edit partition and user configurations.
https://docs.citrix.com/en-us/netscaler/12/system/ns-ag-aa-intro-wrapper-con/ns-ag-aa-config-users-and-grps-tsk.html
They have to be blocked from user and partition mgmt though.