Functional Overview
The DashBoard Server and URM operates as a form of hierarchical database where user permissions are organized into a tree-like format. As outlined in the section, “Functional Overview”, you can install the DashBoard Server and URM to be an embedded LDAP Server or to use the corporate (external) LDAP Server for users and roles only.
The DashBoard Server and URM is composed of:
Properties — Define specific tasks for which permissions can be set.
Users and roles — Define who has access to the options in the DashBoard client, the DashBoard Server and URM.
Devices — Define access to physical devices and the applicable settings that are displayed in the DashBoard client.
This section provides a functional overview of the DashBoard Server and URM to help you configure and manage your user database.
Licensed Number of Users
The DashBoard Server and URM allows for licenses that stipulate the number of users that can be configured. The Configure DashBoard Server and the Configure DashBoard URM interfaces display the maximum number of users that can be configured (as defined by your license key) and how many of those accounts are currently configured.
When the number of users is limited, settings can only be configured for that number of licensed users/roles. However, if there are more users/roles with configured settings than the license allows, no users/roles can have their settings configured until you either purchase a license for more users or reduce the current number of configurable users.
Permissions
Permissions are configured using the options in the Configure User Rights dialog. Permissions can be tailored to your facility needs.
Allow, Deny, Inherit
There are three permission settings: Allow, Deny, and Inherit. These options are applicable to device and setting properties, and can be configured for individual users and/or roles.
Allow — This option enables the role or user to perform the specific task.
Deny — This option prevents the role or user from performing the specific task.
Inherit — This option assumes the permission settings from the hierarchy. Setting a property to Inherit causes DashBoard to search higher in its hierarchy for a setting of Allow or Deny for the same property. At any given level in the hierarchy, an Allow takes precedence over a Deny. You can see the value that the property inherits as a green checkbox in either the Allow or Deny column. For example, selecting Inherit for a specific card will apply the permissions as set in the frame that the card is installed in.
Users, roles, and devices that have neither had permissions set nor confirmed to be “wide open” are indicated with an asterisk in the tree view of the Configure User Rights dialog, enabling you to quickly see which devices and settings still need to be configured.
Users
Each user must be given a unique ID name and an associated password. User IDs must be e-mail addresses. This information can be used to log into the DashBoard client. One user account, Default User, comes automatically configured with the DashBoard Server and URM. The same user account can be active on multiple DashBoard clients. For example, the Default User account can be used by multiple people to log in from separate desktops.
You can choose to create individual accounts for each person accessing devices via a DashBoard client, have a single Default User account that is used by everyone, or enable an external LDAP Server to define user accounts. This is dependent on your facility requirements.
Users can have permissions defined based on their individual account, membership in a role, or based on a specific device, a device type, or menu(s) for a device. Keep in mind that users assigned to roles assume the permissions as defined by that specific role.
Roles
A role is a group of users that share the same permissions because they belong to that specific role. By default, when using the internal LDAP Server, the DashBoard URM includes two roles: Administrator and Basic User. You can configure additional roles, based on any number of parameters, as required. For example, you may want to create a role that grants card upgrade permissions, but read-only access to all other parameters. If you are using an external LDAP Server, only the roles defined by that LDAP are used.
The difference between a role and a user is that an account is assigned to a specific user, while a role can be assigned to multiple users. Note that if any role that a user is a member of has the permissions to perform a task, that user also has the permissions to perform that task. Objects that have neither had permissions set nor confirmed to be “wide open” are displayed in the Configure User Rights dialog with an asterisk so that they can have permissions set.
You need at least one Administrator who can modify server and URM settings. The DashBoard Server and URM automatically includes an Administrator role and a Basic Users role.
Administrator role — You can use this role to set permissions for configuring server and URM settings, network settings, and/or to perform software upgrades. Assign the users that you wish to grant such permissions to this role.
Basic Users role — You can use this role to assign permissions that might apply to a wide range of users who do not need full access. For example, if you wish to limit most of your users to read-only access for server and URM settings, configure the Basic Users role to Deny all tasks except Read for the server and URM.
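The Inherit lookup and the rule that a user holds any permission granted by one of their roles can be modelled in a few lines, as an added example that is not DashBoard or Ross code. The object names, the Upgraders role, the property names, and the rule for combining a user's own account with role results are assumptions made for this illustration.

```python
# Added illustration: a simplified model of Allow/Deny/Inherit resolution.
# Not DashBoard code; objects, the Upgraders role and properties are hypothetical.
ALLOW, DENY, INHERIT = "Allow", "Deny", "Inherit"

# Constructed device hierarchy: child -> parent (None marks the top level).
PARENT = {"card-3": "frame-A", "frame-A": "system", "system": None}

# Constructed explicit settings: (principal, object, property) -> setting.
# Anything absent is treated as Inherit.
SETTINGS = {
    ("role:Basic Users", "system", "Write"): DENY,
    ("role:Basic Users", "system", "Read"): ALLOW,
    ("role:Upgraders", "frame-A", "Upgrade"): ALLOW,
    ("role:Basic Users", "card-3", "Upgrade"): DENY,
    ("user:op@example.com", "card-3", "Write"): INHERIT,
}

# Constructed role membership.
MEMBERS = {"user:op@example.com": ["role:Basic Users", "role:Upgraders"]}


def resolve(principal, obj, prop):
    """Walk up from obj until this principal has an explicit Allow or Deny."""
    while obj is not None:
        setting = SETTINGS.get((principal, obj, prop), INHERIT)
        if setting != INHERIT:
            return setting, obj          # value and the level that supplied it
        obj = PARENT[obj]
    return None, None                    # nothing set anywhere: unconfigured


def effective(user, obj, prop):
    """Combine the user's own result with each role's result.

    Assumption: the user's account is combined like one more role, and any
    Allow wins over any Deny.
    """
    results = {p: resolve(p, obj, prop) for p in [user] + MEMBERS.get(user, [])}
    values = [v for v, _ in results.values()]
    if ALLOW in values:
        return ALLOW, results
    if DENY in values:
        return DENY, results
    return None, results                 # still needs permissions set


if __name__ == "__main__":
    for prop in ("Read", "Write", "Upgrade", "Reboot"):
        print(prop, effective("user:op@example.com", "card-3", prop))
```

In this model a Deny on one role does not block a task that another of the user's roles allows, which is why Upgrade resolves to Allow for the sample user. A result of None marks a property with no Allow or Deny anywhere in the hierarchy, so it still needs permissions set.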
Devices
Devices are objects that communicate with the DashBoard client, appear in the Tree Views, and are arranged in a hierarchy. The method for configuring device permissions depends on how specific you want to be. Permissions for devices can be tied to the system (global), the device itself, the type of device, or menu items for that device. Note that any given permission is always tied to a user or role.
For example, if you are configuring an openGear card, you can configure permissions based on one or more of the following: