AgilePoint NX System Administrator
The AgilePoint NX system administrator is the primary custodian of AgilePoint Server installation and maintenance tasks. This user is required during installation, upgrades, managing server on a daily basis, assigning others permission to use the system, monitoring alerts, etc.
This function is usually fulfilled by a person from the customer's IT team who manages other servers in your environment. Once the installation is complete, a system administrator is required part time. AgilePoint Server typically does not need a full time administrator.
AgilePoint System Account
The AgilePoint System Account is the priamary administrator account for AgilePoint Server, especially the AgilePoint Server Configuration Utility and the Windows services associated with the AgilePoint server-side components.
By default, the AgilePoint System Account is assumed to use the same credentials as other administrator tasks on the AgilePoint Server machine, such as the Windows administrator account. However, for security purposes, AgilePoint recommends you separate these credentials after AgilePoint Server is installed.
When AgilePoint Server is installed, the credentials for the AgilePoint System Account are the same as the AgilePoint Service Account. The purpose of this is to simplify the AgilePoint Server installation. However, for security purposes, AgilePoint recommends you separate these credentials after AgilePoint Server is installed.
Applies to Deployment Types
Permissions and Configuration
System | Permissions | Notes |
---|---|---|
AgilePoint Server Machines |
|
|
AgilePoint Server service instances |
|
|
AgilePoint NX Portal tenants |
|
|
How To Create or Change This Account
- The AgilePoint System Account is created when you install AgilePoint NX.
- To change the AgilePoint System Account, refer to How Do I Change the Credentials for AgilePoint Administrator Accounts?.
AgilePoint Service Account
The AgilePoint Service Account is the set of authentication credentials AgilePoint Server uses to connect to other systems, such as the database server.
The AgilePoint Service Account is a "headless" account, which means that a person is not associated with the credentials. Instead the AgilePoint Server software or AgilePoint NX system is represented with these credentials. In other words, the AgilePoint NX System Administrator manages the credentials for the AgilePoint Service Account, but the (human) adminsitrator does not use these credentials to authenticate to any system.
When AgilePoint Server is installed, the credentials for the AgilePoint System Account are the same as the AgilePoint Service Account. The purpose of this is to simplify the AgilePoint Server installation. However, for security purposes, AgilePoint recommends you separate these credentials after AgilePoint Server is installed.
Applies to Deployment Types
Permissions and Configuration
System | Permissions | Notes |
---|---|---|
AgilePoint Server Machines |
|
|
Database |
|
During installation, AgilePoint requires db_owner privileges in SQL Server to create the tables required on the database. For security purposes, after finishing the AgilePoint Server configuration, you can remove the AgilePoint Server service account from the db_owner role in order to disallow the Create table privilege. Instead you can add this user to the db_datareader and db_datawriter role memberships. Please note that when updating the database schema in the future (e.g. for an upgrade), you will need to add this account back to the db_owner role in order for the database schema to be updated It is recommended to configure permissions for the SQL database account for AgilePoint, which grants INSERT,UPDATE, DELETE and SELECT, … by schema (namespace), ONLY on AgilePoint tables at the database level, instead of using the generic dbo schema to restrict access. |
SharePoint |
|
|
Data Services Machine |
|
|
How To Create or Change This Account
- The AgilePoint Service Account is created when you install AgilePoint NX.
- To change the AgilePoint Service Account, refer to How Do I Change the Credentials for AgilePoint Administrator Accounts?.
Tenant Administrator (Setting) Permissions
The Tenant Administrator is a special setting that can only be assigned to one AgilePoint ID in an instance of AgilePoint NX Portal. In the NX Portal, this user is referred to as the Tenant Administrator.
By default, in AgilePoint NX OnDemand (public cloud) the Tenant Administrator is the user who submits the initial request for the tenant. In AgilePoint NX OnPremises or AgilePoint NX Private Cloud, the AgilePoint NX System Administrator (AgilePoint System Account) assigns the Tenant Administrator when they provisions the tenant.
Applies to Deployment Types
Permissions
System | Permissions | Notes |
---|---|---|
AgilePoint NX Portal tenant |
|
|
How To Create or Change the Tenant Administrator
- By default, in OnPremises or Private Cloud environments, the Tenant Administrator is assigned to the AgilePoint System Account when you install AgilePoint NX.
- By default, in OnDemand (public cloud) environments, the Tenant Administrator is assigned to the first user added to an environment when you sign up for AgilePoint NX environment.
- To change the Tenant Administrator, refer to How Do I Change the Credentials for AgilePoint Administrator Accounts?.
Administrators (role)
Administrator is the common system administrator role for the AgilePoint NX Portal. Any registered AgilePoint NX user can be assigned the Administrators role. There is no limit to the number of users who can be assigned the Administrators role. The Administrators role is subordinate to the Tenant Administrator.
Applies to Deployment Types
Permissions
System | Permissions | Notes |
---|---|---|
AgilePoint NX Portal tenant |
|
|
How To Add the Administrators Role to a User or Group
- By default, in OnPremises or Private Cloud environments, the Tenant Administrator is assigned the Administrators role when you install AgilePoint NX.
- By default, in OnDemand environments, the Administrators role is assigned to the first user added to an environment when you sign up for AgilePoint NX environment.
- To add the Administrators role to other users or groups, refer to Add System Administrators.
Global Permissions Managers
A Global Permissions Manager is a type of permission group or role that has access rights to manage the permission groups for App Builder, Data Entities, Page Builder or other components that use permission groups in Manage Center.
Applies to Deployment Types
Global Permission Manager Permissions
Permission Group | Definition | Manage |
---|---|---|
Administrator (role) |
Administrators is the common system administrator role for the AgilePoint NX Portal. Any registered AgilePoint NX user can be assigned the Administrators role. There is no limit to the number of users who can be assigned the Administrators role. The Administrators role is subordinate to the Tenant Administrator. App Builder permissions are different from Page Builder and Data Entities because in App Builder, Administrators and App Designers are based on roles. In Page Builder and Data Entities, these access rights are based on permission groups. Note: The Administrators role is different from the AgilePoint NX System Administrator. The AgilePoint NX System Administrator is one person, independent of any accounts or permissions. Administrators is a security role that can be assigned to any NX Portal user.
|
|
Global Data Entities Permission Managers |
Global Data Entities Permission Managers is a permission group for users or groups who have full access rights for the Data Entities component. Global Data Entities Permission Managers can manage other permission groups for the Data Entities component and for all specific entities.
| |
Global Page Builder Permission Managers |
Global Page Builder Permission Managers is a permission group for users or groups who have full access rights for the Page Builder component. Global Page Builder Permission Managers can manage other permission groups for the Page Builder component and for all specific custom pages.
|