This page reviews User Management for GroundWork Monitor.
The Administration>User Management portlet and its options; User Management and Role Management enables administrators to create and manage system user accounts and roles for the GroundWork Monitor portal. Outside of this document, see Administration How To's for how to reference on common User, Portal, and Foundation management tasks.
Figure: User Management Portlet
- User Management - User Management Portlet page. Enables access to user related actions.
- Role Management - User Management Portlet page. Lists current roles and associated actions.
- Users - GroundWork Monitor system users.
- Roles - Users belong to roles. Roles determine system access and privileges.
- Search Users - User Management option to search registered system users to manage.
- Create new user account - User Management option enabling additional system users to be created.
- Registered users - Current system users including enabled and disabled accounts.
- Subscription Modes - Describes the required tasks for registering a user. By default the subscription modes are set to automatic (no email validation, no admin approval).
- Actions - User Management options; e.g.Search, Edit user, Roles
- Create role - A Role Management option enabling additional system roles to be created.
The first page of the User Management portlet is User Management. This page displays some user related actions (e.g. Search users, Create new user account) and some additional information (e.g. Registered users and Subscription mode). This page allows administrators to search for system users and manage account information including disabling or removing an account, and creating new users.
The default portal installation defines three user accounts; an administration user admin who has access to all portlets to alter portal content and administer user accounts. A systems operations type user operator has access to a subset of the available portlets including the actions portlet, Nagios screens, and the Dashboards, Event Console, and Status applications. And, there is a user account user which has access to the Dashboards and Status applications with the ability to submit actions for services and hosts; to schedule downtime, enable/disable notifications, and enable/disable active checks.
Looking at the User Management page (select image icon above), you will see that directly located beneath the User Management tab is the navigation indicator or breadcrumbs. This provides context as to where in the hierarchy of user management the current screen is located.
In the User Management section of this screen an administrator has the options to create new accounts and search for existing user accounts where various actions can be applied including editing user profiles, assigning roles to a user, and disabling or removing an account.
The Matrix section shows at a glance the current number of all registered (enabled/disabled) system users.
And the last section of this page lists the Subscription Modes describing the required tasks for registering a user (e.g. first e-mail validation and then approval by the administrator). The Subscription mode is the mode used in the User portlet. The Admin subscription mode represents the mode used in the User management portlet.
The second page of the User Management portlet is Role Management. This page lists all of the established system roles; GWAdmin, GWOperator, GWUser, msp-sample, ro-dashboard and any other created roles. Roles determine system privileges such as Portal Page access (e.g. Administration, Event Console, Reports) and command execution permissions. A role is used to grant different permission levels to different portlets, pages, or portal instances.
Additionally within Role Management you can control which host groups and service groups are visible to specific roles and their users. These role / user restrictions extend within the Status, Event Console, Dashboards (including My GroundWork), and the Advanced Reports applications. And, administrators can now set restrictions for dashboard links to the Status application.
Taking a look at the Role Management page, you will see that directly beneath the Role Management tab is the navigation indicator or breadcrumbs. This provides context as to where in the hierarchy of role management the current screen is located.
In the Role Management section of this screen is a list of the established system roles. An administrator can use the available actions;
Edit role - Used to change the display name for a role, optionally set Dashboard links to be disabled, and/or to set visible host groups and service groups to be displayed for a role.
Members - Here you can edit a roles user profile information and reassign role access for a user.
Delete - Can be used by an administrator can to remove a role from the system.
Create Role - Enables an administrator to create additional roles, optionally set dashboard links to be disabled, and/or restrict host and service group visibility.
|Role permissions (access to Portal Objects) are set using the Administration>Portal Management portlet.|
Figure: Role Management Page
Figure: Role Management Page - Dashboard Links and Host Group and Service Group Restrictions
As mentioned in the User Management section above, the three user accounts provided with a clean installation admin, operator, and user, are associated with the provided roles GWAdmin, GWOperator, and GWUser.
Additionally, the roles msp-sample (MSP role) and ro-dashboard (Read only dashboard) are included in a clean installation. The msp-sample role does not have any default members assigned and has the host group Linux Servers as the visible and default host group. The ro-dashboard role does not have any default members assigned and there are no default restrictions for host group and service group visibility, although this role restrictions have be set to disable links to the Status application from all dashboards.
Specifically the portlets assigned to each of the default roles are outlined in the table below. All other roles that are created by an administrator will be assigned permissions that match the User role. It will be up to the System Administrator of the GroundWork server to make page/portlet user and role changes.
Table: Portlets assigned to each role (roles provided with a clean installation shown)
|Advanced (Nagios, NMS)||
* network service portlet
** dashboard links to Status disabled
*** no access to the actions portlet