HOW TO: Create PGP Universal Server 3.x Administrators
search cancel

HOW TO: Create PGP Universal Server 3.x Administrators

book

Article ID: 153210

calendar_today

Updated On:

Products

Symantec Products

Issue/Introduction

This article provides step by step instructions to add/delete administrator accounts to a PGP Universal Server.

 

Resolution

HOW TO: Create PGP Universal Server Administrators

A PGP Universal Server can have multiple administrators to perform tasks on the server. Administrators can have various roles and privileges to the server. During the Setup Assistant, one administrator is created and is automatically created as a SuperUser.

PGP Universal Server includes the following roles:

 

  1. Read-Only Administrator. Can view all settings and logs.

     
  2. WDRT-only Administrator. Can view all settings and logs, and can access and read Whole Disk Recovery Tokens.

     
  3. Service Control Only. Can view all settings and logs, and can start and stop software and hardware services but not configure them.

     
  4. Basic Administrator. Can view all settings and logs, control and configure services, access and read Whole Disk Recovery Tokens, configure system settings, install updates, restore backups, manage messaging policies, manage users and their public keys, and can vet users.

     
  5. Full Administrator. Can view all settings and logs, control and configure services, access and read Whole Disk Recovery Tokens, configure system settings, install updates, restore backups, manage messaging policies, manage users and their public keys, vet users, configure clustering, export user private keys, and manage organization, trusted, ignition, and Additional Decryption Keys (ADK).

     
  6. SuperUser. Can view all settings and logs, control and configure services, access and read Whole Disk Recovery Tokens, configure system settings, install updates, restore backups, manage messaging policies, manage users and their public keys, vet users, configure clustering, export user private keys, and manage organization, trusted, ignition, and ADKs, access the PGP Universal Server via SSH, and create and manage other administrators.

Once administrators are configured, they can log in and access to those functions they are entitled to based on their role. Administrators who do not have all privileges will be able to see everything in the administrative interface, but cannot edit.

 

Creating a New Administrator

  1. Log in to the PGP Universal Server admin interface.
  2. Click System > Administrators.
  3. Click Add Administrator. The Administrator Settings dialog box is displayed.
  4. In the Login Name field, type a login name for the new administrator.

    Note: If using SecurID Authentication, you must first enable the SecurID Authentication feature. Click here for an article on configuring RSA SecurID Authentication.

    If you are using SecurID authentication, make sure the login name exactly matches this administrator's username in the RSA server, or this user will not be able to authenticate successfully.

     
  • If SecurID authentication is selected, an Authentication field with a drop-down menu is shown. Select Passphrase to use a passphrase for authentication or SecurID to use RSA SecurID authentication.
     
  • If Passphrase authentication is selected, fields to enter and confirm the administrator passphrase are displayed. In the Passphrase field, type a passphrase and then confirm the passphrase for the new administrator.
  1. In the Email field, type the email address of the new administrator. This email address is used to send server status updates.
  2. Select Daily Status Email if you want the new administrator to receive a daily status email for your system.
  3. From the Role list, select the role for the new administrator. The privileges for the selected role are displayed.
  4. Click Save.

 

Importing SSH v2 Keys

SuperUser administrators have the option of adding their SSH v2 key to the PGP Universal Server. The SSH v2 key acts as an authentication token and allows SuperUser administrators to access the command line of the PGP Universal Server.

 

Note: Accessing the PGP Universal Server command line in this way may void portions of your PGP Support agreement. Contact PGP Support for more information.


To import an SSH v2 key:

 

  1. Click the (+) plus icon at the end of the SSHv2 Key field on the Administrator Settings dialog. The Update SSH Public Key dialog is displayed.
  2. Import the SSH v2 key file either by selecting a key file via the Choose File button or by pasting the SSH v2 public key block into the Import Key Block box.
  3. Click Import. The SSH key is imported.
     


 


Powered by Wolken Software