User Tools

Site Tools


useradminpanel

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
useradminpanel [2007/10/01 11:36]
faltin
useradminpanel [2010/05/01 21:58] (current)
morten old revision restored
Line 2: Line 2:
  
 {{tools:​useradmin.png|}} This is where NAV administrator can control NAV user accounts, group memberships and access privileges. {{tools:​useradmin.png|}} This is where NAV administrator can control NAV user accounts, group memberships and access privileges.
 +
  
  
Line 7: Line 8:
  
 The main view of the user administration panel shows the account list. Each user has a login (username) and a real name. If the The main view of the user administration panel shows the account list. Each user has a login (username) and a real name. If the
-source of the user is based on [[ldapauthentication|LDAP]],​ the external column will indicate this.  The final column ​listes ​the number of groups the user belongs to.+user is authenticated externally via [[ldapauthentication|LDAP]],​ the external column will indicate this.  The final column ​lists the number of groups the user belongs to.
  
    * To edit the settings for an account, click on the username in question.    * To edit the settings for an account, click on the username in question.
Line 36: Line 37:
  
 **Note:** A new user will be given implicit membership to the groups "​authenticated users" and "​anonymous users"​. If you do not tweak on group membership, that will be his/hers set of rights. This also goes for users created with LDAP.  **Note:** A new user will be given implicit membership to the groups "​authenticated users" and "​anonymous users"​. If you do not tweak on group membership, that will be his/hers set of rights. This also goes for users created with LDAP. 
 +
 +
 +
 +
 +
 +
 +
 +
  
  
Line 43: Line 52:
 ===== Group List ===== ===== Group List =====
  
-NAV comes with the following predefined groups:+NAV comes with the following predefined groups ​(with the explained predifined privileges):
  
 ^ Group ^Description ^ Comment | ^ Group ^Description ^ Comment |
-^ Anonymous users  |Unauthenticated users (not logged in) |Everyone are implicit members. Gives access to the home page, the traffic map, messages and maintenance |  +^ Anonymous users  |Unauthenticated users (not logged in) |Everyone are implicit members. Gives access to the home page, the traffic map, viewing (but not composing) ​messages and maintenance |  
-^Authenticated users |Any authenticated user (logged in) |New users are implicit members. Gives in addition access to statusreportip device centercricket, machine tracker ​and alert profiles. ​  | +^Authenticated users |Any authenticated user (logged in) |New users are implicit members. Gives in addition access to everything **except** the typical admin stuff: user adminseed databasemodule deletecomposing messages ​and maintenance setup   | 
-^NAV Administrators |Full access to everything | This access is implicit, no privileges need to be defined for NAV Administrators |+^NAV Administrators |Full access to everything | This access is implicit, no privileges need to be defined for NAV Administrators. As a member you have access to everything in the web interface. ​|
 ^ SMS |Allowed to receive SMS alerts | | ^ SMS |Allowed to receive SMS alerts | |
  
    * To create new groups, simply follow the "​Create new group" link.    * To create new groups, simply follow the "​Create new group" link.
-   * To modify an existing group, click on the group.+   * To modify an existing group, click on the group. ​
 In both cases you proceed to the "Group Details"​ tab In both cases you proceed to the "Group Details"​ tab
 +
 +
  
  
 ===== Group Details ===== ===== Group Details =====
  
-Use this to create new groups or edit existing. Each group must have+Use this to create new groups or edit existing. Each group must have
 + 
 +   * A unique and preferably intuitive name.  
 +   * A description that explains what group membership this group authorizes. 
 + 
 +The actual definition of the group is shown in the Privileges section. 
 + 
 +   * To grant new privileges to the group, select the privilege type and then enter your target. If you misspelled your target or something, revoke it and create a new one (you can not edit a privilege). You can add as many privileges as you like to a group. 
  
-   * A unique and preferably intuitive name  
-   * A description that explains what group membership this group authorizes 
  
-The actual definition of the group is shown in the Privileges section 
  
-   * To grant new privileges to the group, select the privilege type and then enter your target. If you misspelled your target or something, revoke it and create a new one. You can add as many privileges as you like to a group. 
  
  
Line 76: Line 91:
 ^web_access | Controls what part of the web system a user has access to. Based on regular expression matching against actual NAV URLs. | ^web_access | Controls what part of the web system a user has access to. Based on regular expression matching against actual NAV URLs. |
 ^alert_by | Takes only one valid target: '​sms'​. A user is not allowed to receive sms messages from NAV unless he has the "​alert_by for sms" on his privilege list. | ^alert_by | Takes only one valid target: '​sms'​. A user is not allowed to receive sms messages from NAV unless he has the "​alert_by for sms" on his privilege list. |
 +
 +**Note:** Confusingly a third privilege is possible to choose; report_access. Since this privilege has no implementation,​ we will remove the option in a later NAV version (and reintroduce it when/if we actually implement support).
  
 To see examples of how you can use the web_access privilege, take a look at the definitions of the predefined group To see examples of how you can use the web_access privilege, take a look at the definitions of the predefined group
 "​Authenticated users"​. A [[http://​www.amk.ca/​python/​howto/​regex/​|HOWTO on regexp]] is also provided as a link under "Grant privileges"​ "​Authenticated users"​. A [[http://​www.amk.ca/​python/​howto/​regex/​|HOWTO on regexp]] is also provided as a link under "Grant privileges"​
 +
 +:!: If your initial NAV installation was earlier than 3.3 your "​Authenticated users" group may have a different
 +setting (which you may well have modified yourself). Consider using this default NAV 3.3 reg exp:
 +
 +<​code>​
 +^/​(preferences|status|navAdmin|report|browse|stats|cricket|machinetracker|ipinfo|l2trace|logger|alertprofiles|devicemanagemt/​$)/?  ​
 +</​code>​
  
  
useradminpanel.1191238582.txt.gz · Last modified: 2007/10/01 11:36 by faltin