Access Control – User Management
To perform user management, follow the below mentioned steps:
2. The User Management window is displayed.
This window contains different tabs, such as User, Group, and Capabilities. Here, user with Admin capability can manage users, Groups, Capabilities and Projects. Other users can view this information but cannot change anything. User with Admin capability can change password of any user.
The system supports two kinds of users:
- Users created locally in the system
- Users available in the LDAP server
User tab displays users, group(s), and capabilities assigned to that user. All the users created are displayed at left hand side of the window. In the adjoining column, it is displayed if these are local users or external users (i.e. LDAP) with DN for LDAP users. User with Admin capability can view native and LDAP users. Native users are displayed automatically but LDAP users are displayed in list on applying search. We cannot add/edit/delete any LDAP user but can add/edit/delete/change password of native user. Other users can view own details only. We can add more groups and capabilities to selected user.
Add New User
One can add a new native user by providing user details, such as, name, email, phone, and password. In addition, a user can be assigned to Group(s) and Capabilities. Other than admin, no other user can add a new user.
To add a new user, follow the below mentioned steps:
- On the User Management window, click the icon on the left. The User Details section is displayed where details of user, such as name, email, phone, password needs to be specified.
2. Click the Save button.
3. Once a user is created, it is displayed in the list.
Admin user is able to import a number of LDAP users at once from the specified LDAP server. Admin can select the LDAP server identifier as available in LDAP settings. Using the LDAP search user credentials, system obtains a list of all the users available in the LDAP server and display them. All user details corresponding to their relative distinguished name (RDN) is displayed. If the list provides a container, i.e. intermediate node in the Directory information Tree, admin can select and this fetches a list of users under that intermediate node. This process can continue until all the entities are obtained at the leaf node level. Again, for each user, a check box selection is provided. From the given list of users, as obtained from the LDAP server, admin can select which users are to be imported.
User with Admin capability can add/edit/delete native groups. There are LDAP groups too, which can be imported from LDAP server. On the Group Management window, left-hand side displays the groups available. Right hand side displays the list of users and capabilities assigned to that group. A group can have multiple users and multiple capabilities. By clicking on respective ‘+’ button, user can assign more users and capabilities to selected group.
Creating a Group
To create a group, follow the below mentioned steps:
- On the Group Management window, click the icon. The Group Details section is displayed where user needs to provide the group details.
2. Enter the group name and description.
3. Click the Save button, the group is created.
User can assign users to the group at the time of group creation or after creating the group. In the subsequent section, how to assign a user to the group is described.
Assign Group to User
User can be associated with a new group or an existing group. In this section, association of user with a group is defined. For association with capabilities, refer the next section.
- Open the group by clicking over it, the group is displayed in the Group Details section along with the already attached users (if any).
2. Click the icon within the Users The Add Users window is displayed.
3. Select the user(s) from the list and click the Attach button. The user is attached with that group and displayed in the Users list.
User with Admin Capability can add a new Capability, edit Capability, and delete Capability. On the Capabilities window, left-hand side displays the Capabilities available.
How to create a capability is described in the subsequent section.
Assigning Capabilities to a Group
Initially, when admin user creates new group, then following options are displayed as capability:
- Read All
- Read Write All
If user selects ‘Read All’ then for this user, read only access to all Tiers, Project/Sub-Project and All Component/Features is provided. If user selects ‘Read Write All’ then this user will get permission of read write to all Tiers, Project/Sub-Project and All Component/Features. If user selects ‘Custom’ then custom permission is implemented for this user.
To add a capability of any type, user first needs to open the add capability section by clicking the icon Then, provide the capability name and its description. Then, needs to select the permission from Read only, Read write, or custom. The process of creating capabilities with all the available options are provided in the subsequent sections.
Creating a Capability with Read Only Permission
In this case, user is granted to have the read only permission of the selected tiers. User cannot perform any operation apart from viewing the data of the selected tiers.
Only the data of the selected tier is displayed in the graph panel. If the data of other tiers are merged with the data of the selected tiers, then user would not be able to view the data. It can be viewed if data is displayed of the selected tiers only.
Creating a Capability with Read Write Permission
In this case, user is granted to have the read write permission of the selected tiers.
Creating a Capability with Custom Permissions
This section allows an admin user to create a custom permission for the user based on different categories. On selecting Custom option, admin user can have the following categories to apply permissions:
Select ‘Tier’ from first level, then select the tier name from the list. User can select multiple tiers to which the permission needs to be applied. Post that, select the permission either ReadOnly or ReadWrite. Only the data of the specified tiers are displayed in the web dashboard with the permission applied. To add permissions to other categories or to the same category i.e. Tier, click the icon.
Select ‘Project’ from the first level, then select project name and sub-project name in the subsequent levels. Post that, select the permission either ReadOnly or ReadWrite. Only the data of the specified project and sub-project are displayed in the script/scenario with the permission applied. To add permissions to other categories or to the same category i.e. Project, click the icon.
Next comes the Advanced section. Here, user can specify permissions for web dashboard features or for Access Control.
It provides a restriction on the selected features, rest all other features behaves normally and user can perform operation on them.
On selecting Web Dashboard as the second level, a list of web dashboard features is displayed at the third level, such as Favorites, Pattern Matching, Configuration, Reports, View by, and so on. User can select multiple features using the check box. Then, in the permission level, there are permissions, such as No Permission, ReadOnly, or ReadWrite. In case of No Permission, that feature is not visible to the attached user. In case of ReadOnly, the feature is visible but user cannot perform any operation. In the ReadWrite operation, user can view that feature and can perform operations on that feature.
In case, if user selects Time Period feature from the list, then permissions, such as No Permission, Low, Medium, and High is displayed.
- Low: In this case, only those View By values will be available to apply which are not producing more than 100 samples with current time period.
- Medium: In this case, View By values will be available to apply which are not producing more than 300 samples with current time period.
- High: All View By values will be available to apply.
On selecting Product UI as the second level, AccessControl is selected as the third level. Admin can apply permission, such as No Permission, ReadOnly, or ReadWrite to the AcceessControl feature of the product UI.