NEXT - multi-user system with access rights differentiation. A separate account can be created for each monitoring system operator, to be used for authorization in the web interface.
Access rights
Access rights depend on the user account role. There are following roles:
- Superadmin - assumes full access rights and is assigned by default to the "admin" user account. This role does not display anywhere, cannot be removed and cannot be assigned.
- Admin - NEXT administrator role. The role provides the following access rights:
- All operations with user accounts and user groups. The exception is "admin" user account.
- All operations with wireless devices.
- All operations with events.
- View monitoring system settings.
- Operator - provides the following access rights:
- View and manage wireless devices.
- View and manage events.
- View user accounts.
- Observer - assigned by default to all new NEXT user accounts. The role provides the following access rights:
- View wireless devices profiles.
- View and manage events.
- View user accounts.
Only one role can be assigned to one user at the same time.
Visibility Area
Visibility areas are a restrictive add-on for access rights. The visibility area limits the list of wireless devices that the user can access. The available devices list is determined by groups of devices assigned to a user account or group of accounts. Thus, the user will have access only to those devices that are included in the device groups assigned to him or the users group where he belongs. Visibility area is also determined by role:
- Superadmin and Admin - full visibility, a user will always see all devices.
- Operator and Observer - zero visibility, a user will only see devices included in groups assigned to him.
Let's look at the examples:
- Devices HostA and HostB included to the Group1 devices group.
- Devices HostC and HostD included to the Group2 devices group.
- User UserA has an Operator role the Group1 is assigned to him.
- User UserB has an Admin role the Group2 is assigned to him.
As a result:
- User UserA can manage the configuration of HostA and HostB devices. His role assumes the devices management, but the visibility area is limited only with devices group Group1.
- User UserB can perform all operations with all devices. His role allows any operation, and the visibility area is not limited. It means that assign device groups to a user with the admin role has no sense.
Superadmin account
NEXT by default has a super-administrator account with the name "admin". It has a following features:
- The administrator account login cannot be changed.
- An admin account can not re removed.
- The administrator account always has a Superadmin role.
User account management
Use the side menu to proceed to the user account management section:
By default, the section displays a list of groups and users accounts. For each account, the following values are displayed:
- "Role" - current user role.
- "Name" - user name.
- "Login" - user login.
- "Email" - user email address.
- "Source" - account source:
- NMS - local user account.
- LDAP - account obtained from the directory server using the LDAP protocol.
Users groups
Groups are necessary to effectively manage the NEXT users visibility areas. Each user group can be assigned one or more device groups. Thus, the visibility area of the group users will be extended to all devices included in the device groups assigned to this user group.
- Each user must be included in at least one user group.
- By default, in the monitoring system the "Administrators" group is created, and with "admin" user included. This group is required and cannot be removed.
User group creation
To create a new user group, click the "New group" button. A form will appear on the screen containing the following fields:
- "Name" - user group name.
- "Description" - arbitrary groups description.
Fill these fields and click on the "Save" button to create a new group.
Assigning device groups to user groups
Remove users group
Create user account
To add a new user account, click the "New User" button. A form will appear on the screen containing two sections:
- Information - basic user account settings:
- "Name" - an arbitrary user name, such as his first and last name.
- "Email" - the email address of the user to which notifications will be sent.
- "Login" - user login used for authentication.
- "Password" and "Password confirm" - account password and confirmation.
- "Role" - account role.
- "Active user" - activation/deactivation flag of user account. A user with a deactivated account will be denied access to the NEXT web interface.
- Groups - user groups where this account is included. This section contains a current groups list. To remove an account from a group or include it in a new one, click the "Chose Groups" button and select or deselect the corresponding groups and click the "OK" button.
To apply the changes, click the "Save" button.