This is where NAV administrator can control NAV user accounts, group memberships and access privileges.
The main view of the user administration panel shows the account list. Each user has a login (username) and a real name. If the user is authenticated externally via LDAP, the external column will indicate this. The final column lists the number of groups the user belongs to.
A fresh NAV installation will only have one account; admin with membership to the NAV administrator group. User admin has password set to admin. This should be changed at your first login.
Note: The procedure is the same for editing the values of an existing account, the same buttons to tweek.
Next you may:
Note: A new user will be given implicit membership to the groups “authenticated users” and “anonymous users”. If you do not tweak on group membership, that will be his/hers set of rights. This also goes for users created with LDAP.
NAV comes with the following predefined groups (with the explained predifined privileges):
Group | Description | Comment |
---|---|---|
Anonymous users | Unauthenticated users (not logged in) | Everyone are implicit members. Gives access to the home page, the traffic map, viewing (but not composing) messages and maintenance |
Authenticated users | Any authenticated user (logged in) | New users are implicit members. Gives in addition access to everything except the typical admin stuff: user admin, seed database, module delete, composing messages and maintenance setup |
NAV Administrators | Full access to everything | This access is implicit, no privileges need to be defined for NAV Administrators. As a member you have access to everything in the web interface. |
SMS | Allowed to receive SMS alerts |
In both cases you proceed to the “Group Details” tab
Use this to create new groups or edit existing. Each group must have:
The actual definition of the group is shown in the Privileges section.
The privileges system of NAV is generally built so that we in the future can expand to new privilege types. Currently only two privileges are supported and the second one has a very specific scope:
Privilege | Explanation |
---|---|
web_access | Controls what part of the web system a user has access to. Based on regular expression matching against actual NAV URLs. |
alert_by | Takes only one valid target: 'sms'. A user is not allowed to receive sms messages from NAV unless he has the “alert_by for sms” on his privilege list. |
Note: Confusingly a third privilege is possible to choose; report_access. Since this privilege has no implementation, we will remove the option in a later NAV version (and reintroduce it when/if we actually implement support).
To see examples of how you can use the web_access privilege, take a look at the definitions of the predefined group “Authenticated users”. A HOWTO on regexp is also provided as a link under “Grant privileges”
If your initial NAV installation was earlier than 3.3 your “Authenticated users” group may have a different setting (which you may well have modified yourself). Consider using this default NAV 3.3 reg exp:
^/(preferences|status|navAdmin|report|browse|stats|cricket|machinetracker|ipinfo|l2trace|logger|alertprofiles|devicemanagemt/$)/?