This article describes how to restrict user to access only one virtual server through command policy.

For example, command policy is being configured to allow user to run the the command show lb vserver test or check load balancing virtual server test only. This user cannot check any other virtual server. 

Instructions

To restrict the user access, complete the following steps:

1. Login to Citrix ADC GUI using the nsroot credentials.

2. To create command policy, navigate to System > User Administrator > Command policy and type the policy name.

   

3. Copy the command which appear in Command Spec field and click Create.
   

4. To create user, navigate to System > User Administrator > User.

5. Click Add and type username and password. In this example it is assumed that user is authenticating through local username and password.

   

6. Click Continue and click on No system command policy.
   

7. Select the command policy that you want to associate with the user and click Bind and then click Done.

   

   
   
   
   
   When the user logs on through user account “test”, only vserver test is seen. The other virtual servers or other part of GUI or configuration are not displayed.

   

   For other part of GUI, the following error message is displayed:

   

   From Command Line Interface, the following message is displayed:

   

You can use some built in options to view all virtual servers.

1. Click Add on command policy option.

   

2. Type the policy name (in this example, test-all-lb), click on Command Spec Editor.

   The following screen shot displays allowing user to view all virtual servers.
   

3. When you log on through new user having this command policy, you can view all the virtual servers under load balancing node.