THE INFORMATION IN THIS ARTICLE APPLIES TO:

EFT v7.1 and later
EFT Insight all versions

QUESTION

Can I configure an EFT administrator account such that it can have access to EFT Insight, but not have ANY administrative capabilities over EFT?

ANSWER

Yes, you can configure EFT to accomplish this in one of the following ways:

Using EFT Admin accounts:

Create a new EFT admin account. (see below)
Assign the account to a “Change Password” level of admin.
Assign that admin to a dummy Settings Template (one with no users).
Ensure that Run & Edit Reports is selected for that admin account.
Apply changes.

Using Windows Admin accounts:

Create a group in AD for Insight-only admins.
Add desired AD users to the newly created AD group.
In EFT, add a new admin and specify the AD group created earlier.
Assign to that new account to a “Change Password” level of admin.
Assign that admin to a dummy Settings Template (one with no users).
Ensure that Run & Edit Reports and COM is selected for that admin account
Apply changes.

To create an administrator account

In the administration interface, connect to EFT and click the Server tab.
On the Server tab, click the Server node to which you want to add an administrator account.
In the right pane, click the Administration tab.
In the Administrator Access and Permissions area, click Add. The Create Administrator Account dialog box appears.
Specify either Windows Authentication or EFT Authentication. (Windows Authentication is available in EFT Enterprise.)
- If you choose EFT Authentication, specify the account details:

Passwords are case-sensitive; the username and password fields each cannot exceed 1024 characters. If the Password and Confirm boxes do not match, the OK button is disabled. Retype the passwords.

If you choose Windows Authentication, click Browse to specify the User or group. The Select User or Group dialog box appears.
1. To expand the dialog box, click Advanced.
2. To specify the type of object to search for (User or Group), click Object Types. The Object Types dialog box appears.
3. By default, both groups and users are searched. To search only groups, clear the Users check box; to search only users, clear the Group check box, and then click OK.
4. Click Locations to specify a network address to search. The Locations dialog box appears with available locations displayed. Click a location, and then click OK.
5. In the Select User or Group dialog box, use the Common Queries area to search for a specific user or group.
6. After you have specified your search criteria, click Find Now. The search results appear.
7. Click the user or group that you want to use for this account, and then click OK. The user or group appears in the Create Administrator Account dialog box.
8. Click OK.
AD accounts that are part of the local computer’s Administrator’s group will not appear when browsing the “local computer” because these accounts are AD accounts, not local. AD accounts will appear when browsing the "AD" scope.
You can select AD accounts when performing remote administration as long as the administration interface and EFT are in the same domain or working across trusted domains.

The new user appears in the Admin account names box.
Click the Selected account permissions policy box, then specify the functions this account can control. (Refer to Delegated Administration for details of each type.)
If you specified that the account is a Site Admin, Template Settings Admin, Change Password Admin, or User Admin, the assignment dialog box appears.
Specify one or more items in the Available box, then double-click the selection or click Add, then click OK. The assignment appears in the Assigned to list.

Password Policy and Account Policy options apply to all EFT-managed administrator accounts defined on this Server. The Selected account permissions policy (Site Admin, User Admin, etc.) and Optional permissions (Reports and COM) apply only to the account
selected.

Click Apply to save the changes on the Server.