NAV Wiki

User Tools

Site Tools

Trace: navfeatures seedessentials sysloganalyzer useradminpanel ipv6 gettingstarted user_guide
useradminpanel

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
useradminpanel [2007/10/01 10:29] – old revision restored faltinuseradminpanel [2010/05/01 21:58] (current) – old revision restored morten
Line 2: Line 2:
  
 {{tools:useradmin.png|}} This is where NAV administrator can control NAV user accounts, group memberships and access privileges. {{tools:useradmin.png|}} This is where NAV administrator can control NAV user accounts, group memberships and access privileges.
 +
  
  
Line 7: Line 8:
  
 The main view of the user administration panel shows the account list. Each user has a login (username) and a real name. If the The main view of the user administration panel shows the account list. Each user has a login (username) and a real name. If the
-source of the user is based on [[ldapauthentication|LDAP]], the external column will indicate this.  The final column listes the number of groups the user belongs to.+user is authenticated externally via [[ldapauthentication|LDAP]], the external column will indicate this.  The final column lists the number of groups the user belongs to.
  
    * To edit the settings for an account, click on the username in question.    * To edit the settings for an account, click on the username in question.
Line 16: Line 17:
  
  
-===== Creating a new account =====+ 
 + 
 + 
 + 
 +===== Creating a new account (using Account Details) =====
  
 **Note:** The procedure is the same for editing the values of an existing account, the same buttons to tweek. **Note:** The procedure is the same for editing the values of an existing account, the same buttons to tweek.
  
-The new user must be given a unique login and password that confirms. Next you may:+   The new user must be given a unique login and password that confirms.  
 +   * For existing users you can change their password here. For LDAP bound users, password may not be changed. 
 + 
 +Next you may:
  
    * Delete the account     * Delete the account 
  
-   * Add the user to one or more organizations. In turn remove the user from one or more organizations. The organizations are picked from the list you create in [[seedessentials#organization|the organization section of Edit Database]]. Please note that organizational membership of a NAV user has no effect in terms of privileges or such (this is on the road map, way up ahead).+   * Add the user to one or more organizations. In turn remove the user from one or more organizations. The organizations are picked from the list you create in [[seedessentials#organization|the organization section of Edit Database]]. Please note that organizational membership of a NAV user has **no effect** in terms of privileges or such (this is on the road map, way up ahead).
  
    * Add the user to one or more groups (use the Add button). In turn remove the user from one or more groups (with the Remove button). Each group has a set of privileges, more below. The user will get the union of privileges of the groups he joins.    * Add the user to one or more groups (use the Add button). In turn remove the user from one or more groups (with the Remove button). Each group has a set of privileges, more below. The user will get the union of privileges of the groups he joins.
  
-**Note:** In NAV 3.3 a new user will be given implicit membership to the groups "authenticated users" and "anonymous users". If you do not tweak on group membership, that will be his/hers set of rights. This also goes for users created with LDAP. +**Note:** new user will be given implicit membership to the groups "authenticated users" and "anonymous users". If you do not tweak on group membership, that will be his/hers set of rights. This also goes for users created with LDAP.  
 + 
 + 
 + 
 + 
 + 
 + 
 + 
 + 
 + 
 + 
 + 
  
 ===== Group List ===== ===== Group List =====
  
-NAV comes with the following predefined groups:+NAV comes with the following predefined groups (with the explained predifined privileges):
  
 ^ Group ^Description ^ Comment | ^ Group ^Description ^ Comment |
-^ Anonymous users  |Unauthenticated users (not logged in) |Everyone are implicit members |  +^ Anonymous users  |Unauthenticated users (not logged in) |Everyone are implicit members. Gives access to the home page, the traffic map, viewing (but not composing) messages and maintenance |  
-^Authenticated users |Any authenticated user (logged in) |New users are implicit members | +^Authenticated users |Any authenticated user (logged in) |New users are implicit members. Gives in addition access to everything **except** the typical admin stuff: user admin, seed database, module delete, composing messages and maintenance setup   
-^NAV Administrators |Full access to everything | |+^NAV Administrators |Full access to everything | This access is implicit, no privileges need to be defined for NAV Administrators. As a member you have access to everything in the web interface. |
 ^ SMS |Allowed to receive SMS alerts | | ^ SMS |Allowed to receive SMS alerts | |
  
    * To create new groups, simply follow the "Create new group" link.    * To create new groups, simply follow the "Create new group" link.
-   * To modify an existing group, click on the group.+   * To modify an existing group, click on the group.  
 +In both cases you proceed to the "Group Details" tab 
 + 
 + 
 + 
 + 
 +===== Group Details ===== 
 + 
 +Use this to create new groups or edit existing. Each group must have: 
 + 
 +   * A unique and preferably intuitive name.  
 +   * A description that explains what group membership this group authorizes. 
 + 
 +The actual definition of the group is shown in the Privileges section. 
 + 
 +   * To grant new privileges to the group, select the privilege type and then enter your target. If you misspelled your target or something, revoke it and create a new one (you can not edit a privilege). You can add as many privileges as you like to a group. 
 + 
 + 
 + 
 + 
 + 
 + 
 +===== Understanding privileges ===== 
 + 
 +The privileges system of NAV is generally built so that we in the future can expand to new privilege types. 
 +Currently only two privileges are supported and the second one has a very specific scope: 
 + 
 +^Privilege ^Explanation | 
 +^web_access | Controls what part of the web system a user has access to. Based on regular expression matching against actual NAV URLs. | 
 +^alert_by | Takes only one valid target: 'sms'. A user is not allowed to receive sms messages from NAV unless he has the "alert_by for sms" on his privilege list. | 
 + 
 +**Note:** Confusingly a third privilege is possible to choose; report_access. Since this privilege has no implementation, we will remove the option in a later NAV version (and reintroduce it when/if we actually implement support). 
 + 
 +To see examples of how you can use the web_access privilege, take a look at the definitions of the predefined group 
 +"Authenticated users". A [[http://www.amk.ca/python/howto/regex/|HOWTO on regexp]] is also provided as a link under "Grant privileges" 
 + 
 +:!: If your initial NAV installation was earlier than 3.3 your "Authenticated users" group may have a different 
 +setting (which you may well have modified yourself). Consider using this default NAV 3.3 reg exp:
  
 +<code>
 +^/(preferences|status|navAdmin|report|browse|stats|cricket|machinetracker|ipinfo|l2trace|logger|alertprofiles|devicemanagemt/$)/?  
 +</code>
  
  
useradminpanel.1191234542.txt.gz · Last modified: by faltin
Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki