This shows you the differences between two versions of the page.
useradminpanel [2007/10/01 11:19] faltin |
useradminpanel [2010/05/01 21:58] (current) morten old revision restored |
||
---|---|---|---|
Line 2: | Line 2: | ||
{{tools:useradmin.png|}} This is where NAV administrator can control NAV user accounts, group memberships and access privileges. | {{tools:useradmin.png|}} This is where NAV administrator can control NAV user accounts, group memberships and access privileges. | ||
+ | |||
Line 7: | Line 8: | ||
The main view of the user administration panel shows the account list. Each user has a login (username) and a real name. If the | The main view of the user administration panel shows the account list. Each user has a login (username) and a real name. If the | ||
- | source of the user is based on [[ldapauthentication|LDAP]], the external column will indicate this. The final column listes the number of groups the user belongs to. | + | user is authenticated externally via [[ldapauthentication|LDAP]], the external column will indicate this. The final column lists the number of groups the user belongs to. |
* To edit the settings for an account, click on the username in question. | * To edit the settings for an account, click on the username in question. | ||
Line 36: | Line 37: | ||
**Note:** A new user will be given implicit membership to the groups "authenticated users" and "anonymous users". If you do not tweak on group membership, that will be his/hers set of rights. This also goes for users created with LDAP. | **Note:** A new user will be given implicit membership to the groups "authenticated users" and "anonymous users". If you do not tweak on group membership, that will be his/hers set of rights. This also goes for users created with LDAP. | ||
+ | |||
+ | |||
+ | |||
+ | |||
+ | |||
+ | |||
+ | |||
+ | |||
+ | |||
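Review bot: the nine lines added after the implicit-membership note are all empty and change nothing a reader sees. Drop them so the revision history only records content changes.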
Line 42: | Line 52: | ||
===== Group List ===== | ===== Group List ===== | ||
- | NAV comes with the following predefined groups: | + | NAV comes with the following predefined groups (with the explained predifined privileges): |
^ Group ^Description ^ Comment | | ^ Group ^Description ^ Comment | | ||
- | ^ Anonymous users |Unauthenticated users (not logged in) |Everyone are implicit members | | + | ^ Anonymous users |Unauthenticated users (not logged in) |Everyone are implicit members. Gives access to the home page, the traffic map, viewing (but not composing) messages and maintenance | |
- | ^Authenticated users |Any authenticated user (logged in) |New users are implicit members | | + | ^Authenticated users |Any authenticated user (logged in) |New users are implicit members. Gives in addition access to everything **except** the typical admin stuff: user admin, seed database, module delete, composing messages and maintenance setup | |
- | ^NAV Administrators |Full access to everything | This access is implicit, no privileges need to be defined for NAV Administrators | | + | ^NAV Administrators |Full access to everything | This access is implicit, no privileges need to be defined for NAV Administrators. As a member you have access to everything in the web interface. | |
^ SMS |Allowed to receive SMS alerts | | | ^ SMS |Allowed to receive SMS alerts | | | ||
* To create new groups, simply follow the "Create new group" link. | * To create new groups, simply follow the "Create new group" link. | ||
- | * To modify an existing group, click on the group. | + | * To modify an existing group, click on the group. |
In both cases you proceed to the "Group Details" tab | In both cases you proceed to the "Group Details" tab | ||
+ | |||
+ | |||
===== Group Details ===== | ===== Group Details ===== | ||
- | Use this to create new groups or edit existing. Each group must have | + | Use this to create new groups or edit existing. Each group must have: |
+ | |||
+ | * A unique and preferably intuitive name. | ||
+ | * A description that explains what group membership this group authorizes. | ||
+ | |||
+ | The actual definition of the group is shown in the Privileges section. | ||
+ | |||
+ | * To grant new privileges to the group, select the privilege type and then enter your target. If you misspelled your target or something, revoke it and create a new one (you can not edit a privilege). You can add as many privileges as you like to a group. | ||
+ | |||
- | * A unique and preferably intuitive name | ||
- | * A description that explains what group membership this group authorizes | ||
- | The actual definition of the group is shown in the Privileges section | ||
- | * To grant new privileges to the group, select the privilege type and then enter your target. If you misspelled your target or something, revoke it and create a new one. You can add as many privileges as you like to a group. | ||
===== Understanding privileges ===== | ===== Understanding privileges ===== | ||
- | The privileges system of NAV is built generally so that we in the future can expand to new privilege types. | + | The privileges system of NAV is generally built so that we in the future can expand to new privilege types. |
Currently only two privileges are supported and the second one has a very specific scope: | Currently only two privileges are supported and the second one has a very specific scope: | ||
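Review bot: in the predefined-groups table, the new Comment text for "Anonymous users" and "Authenticated users" gives the default rights only in prose ("the typical admin stuff"), while the page states that access is decided by web_access regular expressions matched against NAV URLs, so an administrator cannot audit a group against this wording. Suggest pointing each row at the group's actual privilege list under Group Details, and rewording "viewing (but not composing) messages and maintenance" so it is clear whether anonymous users get view-only access to maintenance as well. The added intro line also carries a typo, "predifined".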
Line 74: | Line 91: | ||
^web_access | Controls what part of the web system a user has access to. Based on regular expression matching against actual NAV URLs. | | ^web_access | Controls what part of the web system a user has access to. Based on regular expression matching against actual NAV URLs. | | ||
^alert_by | Takes only one valid target: 'sms'. A user is not allowed to receive sms messages from NAV unless he has the "alert_by for sms" on his privilege list. | | ^alert_by | Takes only one valid target: 'sms'. A user is not allowed to receive sms messages from NAV unless he has the "alert_by for sms" on his privilege list. | | ||
+ | |||
+ | **Note:** Confusingly a third privilege is possible to choose; report_access. Since this privilege has no implementation, we will remove the option in a later NAV version (and reintroduce it when/if we actually implement support). | ||
To see examples of how you can use the web_access privilege, take a look at the definitions of the predefined group | To see examples of how you can use the web_access privilege, take a look at the definitions of the predefined group | ||
"Authenticated users". A [[http://www.amk.ca/python/howto/regex/|HOWTO on regexp]] is also provided as a link under "Grant privileges" | "Authenticated users". A [[http://www.amk.ca/python/howto/regex/|HOWTO on regexp]] is also provided as a link under "Grant privileges" | ||
+ | |||
+ | :!: If your initial NAV installation was earlier than 3.3 your "Authenticated users" group may have a different | ||
+ | setting (which you may well have modified yourself). Consider using this default NAV 3.3 reg exp: | ||
+ | |||
+ | <code> | ||
+ | ^/(preferences|status|navAdmin|report|browse|stats|cricket|machinetracker|ipinfo|l2trace|logger|alertprofiles|devicemanagemt/$)/? | ||
+ | </code> | ||
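Review bot: in the added default expression, the "/$" sits inside the last alternative only, so it constrains "devicemanagemt/" and nothing else. The other alternatives ("report", "browse", and so on) have no terminator, and whether they also admit longer paths that merely begin with those names depends on how NAV applies the match, which the text does not say. Suggest one sentence stating the intent of the "devicemanagemt/$" branch and whether matching is prefix or full. Please also confirm the spelling "devicemanagemt" against the real URL, since a misspelled alternative silently never matches. In the report_access note, say outright that granting it has no effect until support is implemented, so nobody relies on it as an access control.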