This shows you the differences between two versions of the page.
useradminpanel [2007/10/01 11:12] faltin |
useradminpanel [2007/10/07 06:08] faltin |
||
---|---|---|---|
Line 2: | Line 2: | ||
{{tools:useradmin.png|}} This is where NAV administrator can control NAV user accounts, group memberships and access privileges. | {{tools:useradmin.png|}} This is where NAV administrator can control NAV user accounts, group memberships and access privileges. | ||
+ | |||
Line 7: | Line 8: | ||
The main view of the user administration panel shows the account list. Each user has a login (username) and a real name. If the | The main view of the user administration panel shows the account list. Each user has a login (username) and a real name. If the | ||
- | source of the user is based on [[ldapauthentication|LDAP]], the external column will indicate this. The final column listes the number of groups the user belongs to. | + | user is authenticated externally via [[ldapauthentication|LDAP]], the external column will indicate this. The final column lists the number of groups the user belongs to. |
* To edit the settings for an account, click on the username in question. | * To edit the settings for an account, click on the username in question. | ||
Line 13: | Line 14: | ||
:!: A fresh NAV installation will only have one account; admin with membership to the NAV administrator group. User admin has password set to admin. This should be changed at your first login. | :!: A fresh NAV installation will only have one account; admin with membership to the NAV administrator group. User admin has password set to admin. This should be changed at your first login. | ||
+ | |||
+ | |||
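Review bot: the warning on the context line of this hunk still says the admin account's default password (admin) "should be changed at your first login", and the revision only adds two blank lines after it. Since the section is being touched anyway, consider wording it as a required step ("must be changed") so the default credential is not read as optional cleanup.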
Line 22: | Line 25: | ||
**Note:** The procedure is the same for editing the values of an existing account, the same buttons to tweek. | **Note:** The procedure is the same for editing the values of an existing account, the same buttons to tweek. | ||
- | The new user must be given a unique login and password that confirms. Next you may: | + | * The new user must be given a unique login and password that confirms. |
+ | * For existing users you can change their password here. For LDAP bound users, password may not be changed. | ||
+ | |||
+ | Next you may: | ||
* Delete the account | * Delete the account | ||
- | * Add the user to one or more organizations. In turn remove the user from one or more organizations. The organizations are picked from the list you create in [[seedessentials#organization|the organization section of Edit Database]]. Please note that organizational membership of a NAV user has no effect in terms of privileges or such (this is on the road map, way up ahead). | + | * Add the user to one or more organizations. In turn remove the user from one or more organizations. The organizations are picked from the list you create in [[seedessentials#organization|the organization section of Edit Database]]. Please note that organizational membership of a NAV user has **no effect** in terms of privileges or such (this is on the road map, way up ahead). |
* Add the user to one or more groups (use the Add button). In turn remove the user from one or more groups (with the Remove button). Each group has a set of privileges, more below. The user will get the union of privileges of the groups he joins. | * Add the user to one or more groups (use the Add button). In turn remove the user from one or more groups (with the Remove button). Each group has a set of privileges, more below. The user will get the union of privileges of the groups he joins. | ||
**Note:** A new user will be given implicit membership to the groups "authenticated users" and "anonymous users". If you do not tweak on group membership, that will be his/hers set of rights. This also goes for users created with LDAP. | **Note:** A new user will be given implicit membership to the groups "authenticated users" and "anonymous users". If you do not tweak on group membership, that will be his/hers set of rights. This also goes for users created with LDAP. | ||
+ | |||
+ | |||
+ | |||
+ | |||
+ | |||
+ | |||
+ | |||
+ | |||
+ | |||
+ | |||
+ | |||
===== Group List ===== | ===== Group List ===== | ||
- | NAV comes with the following predefined groups: | + | NAV comes with the following predefined groups (with the explained predifined privileges): |
^ Group ^Description ^ Comment | | ^ Group ^Description ^ Comment | | ||
- | ^ Anonymous users |Unauthenticated users (not logged in) |Everyone are implicit members | | + | ^ Anonymous users |Unauthenticated users (not logged in) |Everyone are implicit members. Gives access to the home page, the traffic map, viewing (but not composing) messages and maintenance | |
- | ^Authenticated users |Any authenticated user (logged in) |New users are implicit members | | + | ^Authenticated users |Any authenticated user (logged in) |New users are implicit members. Gives in addition access to everything **except** the typical admin stuff: user admin, seed database, module delete, composing messages and maintenance setup | |
- | ^NAV Administrators |Full access to everything | | | + | ^NAV Administrators |Full access to everything | This access is implicit, no privileges need to be defined for NAV Administrators. As a member you have access to everything in the web interface. | |
^ SMS |Allowed to receive SMS alerts | | | ^ SMS |Allowed to receive SMS alerts | | | ||
* To create new groups, simply follow the "Create new group" link. | * To create new groups, simply follow the "Create new group" link. | ||
- | * To modify an existing group, click on the group. | + | * To modify an existing group, click on the group. |
In both cases you proceed to the "Group Details" tab | In both cases you proceed to the "Group Details" tab | ||
+ | |||
===== Group Details ===== | ===== Group Details ===== | ||
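Review bot: in the added bullet "For LDAP bound users, password may not be changed", "may not" can be read as either "cannot" or "might not"; say "cannot be changed here" if that is what the form enforces. The bullet above it keeps "password that confirms", which presumably means the password is entered twice and must match, so spell that out. In the reworded Group List intro, "predifined" should be "predefined", and the eleven blank lines added before the Group List heading look accidental.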
Line 52: | Line 70: | ||
* A unique and preferably intuitive name | * A unique and preferably intuitive name | ||
- | * A description that explains what group membership to this group authorizes | + | * A description that explains what group membership this group authorizes |
The actual definition of the group is shown in the Privileges section | The actual definition of the group is shown in the Privileges section | ||
* To grant new privileges to the group, select the privilege type and then enter your target. If you misspelled your target or something, revoke it and create a new one. You can add as many privileges as you like to a group. | * To grant new privileges to the group, select the privilege type and then enter your target. If you misspelled your target or something, revoke it and create a new one. You can add as many privileges as you like to a group. | ||
+ | |||
+ | |||
+ | |||
===== Understanding privileges ===== | ===== Understanding privileges ===== | ||
- | The privileges system of NAV is built generally so that we in the future can expand to new privilege types. | + | The privileges system of NAV is generally built so that we in the future can expand to new privilege types. |
Currently only two privileges are supported and the second one has a very specific scope: | Currently only two privileges are supported and the second one has a very specific scope: | ||
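Review bot: the reworded bullet "A description that explains what group membership this group authorizes" still reads awkwardly after dropping "to"; "A description that explains what membership of this group authorizes" says the same thing without the doubled "group". The three blank lines added before the "Understanding privileges" heading can be reduced to one.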
Line 69: | Line 90: | ||
To see examples of how you can use the web_access privilege, take a look at the definitions of the predefined group | To see examples of how you can use the web_access privilege, take a look at the definitions of the predefined group | ||
"Authenticated users". A [[http://www.amk.ca/python/howto/regex/|HOWTO on regexp]] is also provided as a link under "Grant privileges" | "Authenticated users". A [[http://www.amk.ca/python/howto/regex/|HOWTO on regexp]] is also provided as a link under "Grant privileges" | ||
+ | |||
+ | :!: If your initial NAV installation was earlier than 3.3 your "Authenticated users" group may have a different | ||
+ | setting (which you may well have modified yourself). Consider using this default NAV 3.3 reg exp: | ||
+ | |||
+ | <code> | ||
+ | ^/(preferences|status|navAdmin|report|browse|stats|cricket|machinetracker|ipinfo|l2trace|logger|alertprofiles|devicemanagemt/$)/? | ||
+ | </code> | ||
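Review bot: in the added default expression the "/$" sits inside the group, so it belongs only to the last alternative ("devicemanagemt/$"); as written, nothing anchors the end of the other alternatives, so "^/report" also covers any path that merely begins with /report, and the trailing "/?" constrains nothing. If that prefix behaviour is intended, say so next to the code block, because readers will copy this as the access rule for every authenticated user; if it is not, close each name with something like "(/|$)". Also check the spelling "devicemanagemt" against the shipped 3.3 default before publishing, since a misspelled alternative would not match the real path.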