This section provides a general overview of the options available in the User tab of the
Configure User Rights dialog. From this tab you can manage users and roles. Use this tab to perform tasks such as create and manage users for an Embedded LDAP database, assign users to roles, and specify permissions. Permissions can be based on the device, the user, how a role is defined, or a combination depending on your requirements. Navigate to this tab by expanding the
DashBoard Server node in the DashBoard client, expanding the
DashBoard URM node, and selecting the
Users node.
The tree view displays a list of all the roles and user accounts currently configured in the DashBoard Server and URM. The
Only configurable users check box is used to specify whether the tree view displays all users in the DashBoard Server and URM service (check box is cleared), or display those users that are not disabled (check box is selected).
•
|
— This icon represents a group that cannot be configured.
|
•
|
— This icon represents a user account. Selecting a user allows the Administrator to view/modify all permissions for the user and all groups to which the user belongs.
|
•
|
— This icon represents a role. Selecting a role allows the Administrator to see all permission settings for the role, and the permissions to be edited. Expand the role node to display a list of users currently assigned to that role.
|
•
|
— This icon represents the Missing Users node. Expanding this node lists users accounts that were configured but now are deleted from the external LDAP Server.
|
New users can be added to the system by selecting Create User or
Create Role. These buttons are disabled if the system is set to automatically import users from an external LDAP Server. Click
Refresh to update the tree view in the
Configure User Rights dialog.
•
|
Click Import to copy the currently displayed permissions to another user or role.
|
•
|
Click Export to copy permissions from the currently selected device to another device of the same type.
|
This check box reminds the Administrator of the number of users/roles that can be configured and when that limit is reached if you do not have a license that enables an unlimited number of users. If the DashBoard Server is not in compliance with its license (there are more users/roles configured than the license allows), all configuration is disabled and the
Configure User Rights dialog displays an error message that warns the Administrator to take action to re-able configuration.
•
|
Allow custom permissions — If your DashBoard Server has not reached the maximum number of configurable users as defined by your license, selecting this option enables you to configure the selected user account.
|
•
|
Delete User Account — Selecting this option enables you to delete the selected user account. This is helpful when your DashBoard Server is not in compliance with its license.
|
If you are configuring a user account, this tab displays the account ID, user display name, and enables you to specify a new password or display name. From this tab you can assign users to roles, and activate or de-active the account. If the user is validated against an external LDAP Server, the contact information, password, display name, and permissions are read-only.
If you are configuring a role, this tab displays the role ID and display name as read-only text. If you are using an external LDAP for your user information, all user and role (group) information on this tab is read-only.
This tab enables you to select and modify permissions specific to the selected user or role. A tree view, based on the information seen in the Basic Tree View of the DashBoard client, enables you to select objects to configure permissions for the specified user or role. Selecting a node in the tree view of this tab displays the settings for that user or role with that object in the Property Editor. For example, selecting a node for a card updates the Property Editor for that user to display the options to configure permissions for.
Select the Show only devices with settings option to display only those objects with settings already configured for the selected user or role. The default setting is unselected.
The Property Editor for a user shows all of the permissions set for this user. This area updates every time a new user, role, or device is selected for configuration. When configuring permissions, this area displays the available permissions can be set to Allow, Deny, or Inherit. Any object can be selected to have its permissions modified for the user. By default, all the permissions are set to
Inherit for new accounts and roles.
•
|
Allow — Select this option to enable the role or user to perform the specific task. For example, if you select Allow for the Modify Server Settings for the Administrators role, all users assigned to that role can change the settings for the DashBoard Server.
|
•
|
Deny — Select this option to prevent the role or user to perform the specific task. For example, if you select Deny for the Modify Server Settings for the Basic Users role, all users assigned to that role cannot change the settings for the DashBoard Server.
|
•
|
Inherit — Select this option to assume the permission settings from the hierarchy. For example, selecting Inherit for a specific card will apply the permissions as set in the frame that the card is installed in.
|
•
|
— A blue check mark indicates the property inherits its permissions from the hierarchy.
|
•
|
— A green check mark indicates the permission inherited. For example, in (Figure 2.6) all the permissions are inherited.
|
Click Apply to save changes to all users and roles with unsaved changes. Until the
Apply button is clicked, all objects with unsaved changes are marked with an asterisk (*). Clicking
Clear clears any unsaved changes, restoring items to the previously saved states.