Introduction to the System Administrator

The system administrator can configure system security policies, implement rights- and domain-based management, restrict IP addresses that can access eReplication, implement real-time monitoring, and manage online administrators.

By default, eReplication provides six user levels, namely, admin, administrator, operator, auditor and NBIRole. Table 1 describes permissions of each user level.

**Table 1** Description of user permissions
User Role	Permission
admin	Default administrator admin provided by the system. User admin has permissions for all operations and can manage all resources and users, and it cannot be deleted.
administrator	Admin Role users. Have permissions for all eReplication operations except for configuring the admin and Admin Role users.
operator	Operator Role users. Such users have the following permissions: View and refresh resources and all operation permissions of the sites All operation permissions of the protected groups All operation permissions of the recovery plan All operation permissions of monitoring View on-line administrators, view and configure the system performance, all operation permissions of data maintenance, view and export system operation logs, notify server
auditor	Auditor Role users. Such users only have permissions to view operation logs dump, view and export system operation logs.
NBIRole	Users belonging to Third-Part System User Group. Such users only have permissions to view sites, protected group, view and execute recovery plan.

Rights- and domain-based management, IP address restriction are implemented based on the configuration of administrators and administrator groups.

An administrator group is a set of operation permissions. You can allocate an administrator to an administrator group to make the administrator to inherit the operation permissions of the group.
The system provides default administrator admin. admin has all operation permissions and can manage all resources. Note that admin cannot be modified. You can create an administrator and select an administrator group and resources for this administrator to implement the rights- and domain-based management of eReplication.
You can select the IP address segments that can access eReplication for an administrator to restrict IP addresses that access eReplication.

The system security policy contains the password policy, session timeout threshold, maximum number of user connections, and login policy. The detailed information is as follows:

The password policy defines the minimum length and complexity of the passwords of the system administrators.
The session timeout threshold refers to the period when it is exceeded the session between the system administrator and eReplication is interrupted. Any operations of the system administrator on the eReplication interface will make the timeout threshold counting start from 0 again.
If the system administrator does not perform any operation within the timeout threshold after logging in to eReplication, the current session is interrupted. If the system administrator needs to perform operations on eReplication after the interruption, it needs to log in to eReplication again.
The maximum number of user connections limit the number of sessions of users that log in to eReplication concurrently. If the number of user sessions exceeds the upper limit, no more user can log in to eReplication. This policy applies to man-machine accounts only, and is invalid for machine-machine accounts of the NBIRole role.
The login policy defines the lock period after a specific number of consecutive incorrect passwords are entered when the system administrator attempts to log in to eReplication.