useradminpanel

Differences

This shows you the differences between two versions of the page.

useradminpanel [2007/09/16 12:37]
faltin created
useradminpanel [2010/05/01 21:58] (current)
morten old revision restored
Line 1: Line 1:
 ====== The user administration panel ====== ====== The user administration panel ======
  
-This is where users are ...+{{tools:​useradmin.png|}} ​This is where NAV administrator can control NAV user accounts, group memberships and access privileges. 
 + 
 + 
 + 
 +===== Account list ===== 
 + 
 +The main view of the user administration panel shows the account list. Each user has a login (username) and a real name. If the 
 +user is authenticated externally via [[ldapauthentication|LDAP]],​ the external column will indicate this.  The final column lists the number of groups the user belongs to. 
 + 
 +   * To edit the settings for an account, click on the username in question. 
 +   * To create a new account, press "​Create new account"​ 
 + 
 +:!: A fresh NAV installation will only have one account; admin with membership to the NAV administrator group. User admin has password set to admin. This should be changed at your first login. 
 + 
 + 
 + 
 + 
 + 
 + 
 + 
 +===== Creating a new account (using Account Details) ===== 
 + 
 +**Note:** The procedure is the same for editing the values of an existing account, the same buttons to tweek. 
 + 
 +   * The new user must be given a unique login and password that confirms.  
 +   * For existing ​users you can change their password here. For LDAP bound users, password may not be changed. 
 + 
 +Next you may: 
 + 
 +   * Delete the account  
 + 
 +   * Add the user to one or more organizations. In turn remove the user from one or more organizations. The organizations ​are picked from the list you create in [[seedessentials#​organization|the organization section of Edit Database]]Please note that organizational membership of a NAV user has **no effect** in terms of privileges or such (this is on the road map, way up ahead). 
 + 
 +   * Add the user to one or more groups (use the Add button). In turn remove the user from one or more groups (with the Remove button). Each group has a set of privileges, more below. The user will get the union of privileges of the groups he joins. 
 + 
 +**Note:** A new user will be given implicit membership to the groups "​authenticated users" and "​anonymous users"​. If you do not tweak on group membership, that will be his/hers set of rights. This also goes for users created with LDAP.  
 + 
 + 
 + 
 + 
 + 
 + 
 + 
 + 
 + 
 + 
 + 
 + 
 + 
 +===== Group List ===== 
 + 
 +NAV comes with the following predefined groups (with the explained predifined privileges):​ 
 + 
 +^ Group ^Description ^ Comment | 
 +^ Anonymous users  |Unauthenticated users (not logged in) |Everyone are implicit members. Gives access to the home page, the traffic map, viewing (but not composing) messages and maintenance |  
 +^Authenticated users |Any authenticated user (logged in) |New users are implicit members. Gives in addition access to everything **except** the typical admin stuff: user admin, seed database, module delete, composing messages and maintenance setup   | 
 +^NAV Administrators |Full access to everything | This access is implicit, no privileges need to be defined for NAV Administrators. As a member you have access to everything in the web interface. | 
 +^ SMS |Allowed to receive SMS alerts | | 
 + 
 +   * To create new groups, simply follow the "​Create new group" link. 
 +   * To modify an existing group, click on the group.  
 +In both cases you proceed to the "Group Details"​ tab 
 + 
 + 
 + 
 + 
 +===== Group Details ===== 
 + 
 +Use this to create new groups or edit existing. Each group must have: 
 + 
 +   * A unique and preferably intuitive name.  
 +   * A description that explains what group membership this group authorizes. 
 + 
 +The actual definition of the group is shown in the Privileges section. 
 + 
 +   * To grant new privileges to the group, select the privilege type and then enter your target. If you misspelled your target or something, revoke it and create a new one (you can not edit a privilege). You can add as many privileges as you like to a group. 
 + 
 + 
 + 
 + 
 + 
 + 
 +===== Understanding privileges ===== 
 + 
 +The privileges system of NAV is generally built so that we in the future can expand to new privilege types. 
 +Currently only two privileges are supported and the second one has a very specific scope: 
 + 
 +^Privilege ^Explanation | 
 +^web_access | Controls what part of the web system a user has access to. Based on regular expression matching against actual NAV URLs. | 
 +^alert_by | Takes only one valid target: '​sms'​. A user is not allowed to receive sms messages from NAV unless he has the "​alert_by for sms" on his privilege list. | 
 + 
 +**Note:** Confusingly a third privilege is possible to choose; report_access. Since this privilege has no implementation,​ we will remove the option in a later NAV version (and reintroduce it when/if we actually implement support). 
 + 
 +To see examples of how you can use the web_access privilege, take a look at the definitions of the predefined group 
 +"​Authenticated users"​. A [[http://​www.amk.ca/​python/​howto/​regex/​|HOWTO on regexp]] is also provided as a link under "Grant privileges"​ 
 + 
 +:!: If your initial NAV installation was earlier than 3.3 your "​Authenticated users" group may have a different 
 +setting (which you may well have modified yourself)Consider using this default NAV 3.3 reg exp: 
 + 
 +<​code>​ 
 +^/​(preferences|status|navAdmin|report|browse|stats|cricket|machinetracker|ipinfo|l2trace|logger|alertprofiles|devicemanagemt/​$)/? ​  
 +</​code>​ 
  
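Review bot: In the default NAV 3.3 expression inside the code block, the `/$` sits inside the last alternative, so it constrains only `devicemanagemt`; every other alternative is followed just by the optional `/?`, which leaves `^/(preferences|status|...)` as a prefix match. Since the text above says web_access is decided by regular expression matching against NAV URLs, the "Authenticated users" group would be granted any path that merely begins with one of these words, not only the listed tools. If prefix matching is intended, say so next to the example; if not, move the terminator outside the group, along the lines of `^/(preferences|status|...|devicemanagemt)(/|$)`. Also confirm the spelling `devicemanagemt` against the actual URL, and drop the trailing whitespace after `/?` so it is not pasted into the privilege target.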
useradminpanel.1189946220.txt.gz · Last modified: 2007/09/16 12:37 by faltin