Infinet Wireless: Technical Documentation
Page tree
Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 3 Next »

NEXT - multi-user system with access rights differentiation. A separate account can be created for each monitoring system operator, to be used for authorization in the web interface.

Access rights

Access rights depend on the user account role. There are following roles:

  • Superadmin - assumes full access rights and is assigned by default to the "admin" user account. This role does not display anywhere, cannot be removed and cannot be assigned.
  • Admin - NEXT administrator role. The role provides the following access rights:
    • All operations with user accounts and user groups. The exception is "admin" user account.
    • All operations with wireless devices.
    • All operations with events.
    • View monitoring system settings.
  • Operator -  provides the following access rights:
    • View and manage wireless devices.
    • View and manage events.
    • View user accounts.
  • Observer - assigned by default to all new NEXT user accounts.  The role provides the following access rights:
    • View wireless devices profiles.
    • View and manage events.
    • View user accounts.

Only one role can be assigned to one user at the same time.

Visibility Area

Visibility areas are a restrictive add-on for access rights. The visibility area limits the list of wireless devices that the user can access. The available devices list is determined by groups of devices assigned to a user account or group of accounts. Thus, the user will have access only to those devices that are included in the device groups assigned to him or the users group where he belongs. Visibility area is also determined by role:

  • Superadmin and Admin - full visibility, a user will always see all devices.
  • Operator and Observer - zero visibility, a user will only see devices included in groups assigned to him.

Let's look at the examples:

  • Devices HostA and HostB included to the Group1 devices group.
  • Devices HostC and HostD included to the Group2 devices group.
  • User UserA has an Operator role the Group1 is assigned to him.
  • User UserB  has an Admin role the Group2 is assigned to him.

As a result:

  • User UserA can manage the configuration of HostA and HostB devices. His role assumes the devices management, but the visibility area is limited only with devices group Group1.
  • User UserB can perform all operations with all devices. His role allows any operation, and the visibility area is not limited. It means that assign device groups to a user with the admin role has no sense.

Superadmin account

NEXT by default has a super-administrator account with the name "admin". It has a following features:

  • The administrator account login cannot be changed.
  • An admin account can not re removed.
  • The administrator account always has a Superadmin role.

User account management

Use the side menu to proceed to the user account management section:

Figure - transition to account management section

By default, the section displays a list of groups and users accounts. For each account, the following values are displayed:

  • "Role" - current user role.
  • "Name" - user name.
  • "Login" - user login.
  • "Email" - user email address.
  • "Source" - account source:
    • NMS - local user account.
    • LDAP - account obtained from the directory server using the LDAP protocol.
Figure - List of users accounts and groups

Users groups

Groups are necessary to effectively manage the NEXT users visibility areas. Each user group can be assigned one or more device groups. Thus, the visibility area of the group users will be extended to all devices included in the device groups assigned to this user group.

  • Each user must be included in at least one user group.
  • By default, in the monitoring system the "Administrators" group is created, and with "admin" user included. This group is required and cannot be removed.

User group creation

To create a new user group, click the "New group" button. A form will appear on the screen containing the following fields:

  • "Name" - user group name.
  • "Description" - arbitrary groups description. 

Fill these fields and click on the "Save" button to create a new group.

Figure - Add user group

Assigning device groups to user groups

Assigning device groups is possible only for an already created group.
Select the user group to assign devices groups. A block with information about the selected group and management options will appear on the right. Go to the "Hosts" section, all assigned device groups are displayed here. To assign a new group, click the "Chose Groups" button and in the new menu, check all the groups that should be assigned to the selected user group. To deselect, click on the corresponding device groups again. To apply the changes, click "OK" and then "Save".


Figure - Assigning devices groups


Remove users group

To delete a group, it must not contain user accounts. Move all users of the deleted group to another group, then select the deleted group and click the "Delete" button.

Create user account

To add a new user account, click the "New User" button. A form will appear on the screen containing two sections:

  • Information - basic user account settings:
    • "Name" - an arbitrary user name, such as his first and last name.
    • "Email" - the email address of the user to which notifications will be sent.
    • "Login" - user login used for authentication.
    • "Password" and "Password confirm" - account password and confirmation.
    • "Role" - account role.
    • "Active user" - activation/deactivation flag of user account. A user with a deactivated account will be denied access to the NEXT web interface.
  • Groups - user groups where this account is included. This section contains a current groups list. To remove an account from a group or include it in a new one, click the "Chose Groups" button and select or deselect the corresponding groups and click the "OK" button.

To apply the changes, click the "Save" button.

 

Figure - Create user account

Assigning devices groups

Assigning devices groups is possible only for an account that has already been created.
Select the account to assign devices groups. A block with information about the selected group and management options will appear on the right. Go to the "Hosts" section, all assigned device groups are displayed here. To assign a new group, click the "Chose Groups" button and in the new menu, check all the groups that should be assigned to the selected user account. 
To deselect, click on the corresponding device groups again. To apply the changes, click "OK" and then "Save".


  • No labels