Managing users and groups
The Users view within the Administration tab shows the registered user accounts (no.1 in the figure below). If you are a member of the "admin" group, you may add and delete the users who are allowed to log in to nevisAdmin. When adding a new user, you must also specify an initial user password, which allows the user to log in to the nevisAdmin front end (no.2 in the figure).
Users are authenticated against a local password (per nevisAdmin instance) by default. We recommend changing the default and authenticating users against your LDAP directory server instead; see the chapter Password verification against LDAP.
The user "admin" is a built-in account that is initially used to access the web front-end after the nevisAdmin installation (see the chapter Access the web front-end). This user can't be removed, because nevisAdmin uses it for internal tasks. However, you may deactivate the user by removing its password entry from the /var/opt/nevisadmin/default/nevisadmin/config/keyfile file.
"Groups" are used to grant permissions to environments and zones. Every user may be a member of one or more groups.
A group has the following settings (see the figure Example group view above):
- Members: Defines the users which belong to the group (no.3 in the figure).
- Environments: Defines the environments the group has access to (no.4).
- Zones: Defines the zones the group has access to (no.5). Ensure you add all zones which contain objects used by the assigned environments.
Add and remove groups in the overall Groups view. All available groups are listed in the Groups section in the navigation pane of the Administration tab (no.2 in the figure above). The special group "admin" (no.1) grants the permission required to create zones and environments as well as to administrate users and groups.
Each group defines one or more permissions, which are granted to all members for the assigned environments and zones.
The built-in group called "admin" grants administrative permission to its members.
The following table lists the permissions and the actions they allow:
Action | Read | Write | Operate | Deploy | Software update | Administrate |
---|---|---|---|---|---|---|
View objects and attributes | Y | Y | Y | Y | Y | Y |
Create new or destroy existing objects | N | Y | N | N | N | Y |
Modify objects and attributes | N | Y | N | N | N | Y |
Manage key material (per server or per environment) | N | Y | N | N | N | Y |
View/Edit instance and service files | N | Y | N | N | N | Y |
Export applications | N | Y | N | N | N | Y |
Import and copy applications | N | Y | N | N | N | Y |
Create configuration revisions (commit) | N | Y | N | N | N | Y |
View differences (files) between revisions | Y | Y | Y | Y | Y | Y |
Set global environment variables | N | N | N | Y | N | Y |
Deploy configuration revisions | N | N | N | Y | N | Y |
Restore old configuration revisions | N | Y | N | N | N | Y |
Manage deployment groups | N | Y | N | Y | N | Y |
Create or destroy instances on the controlled server | N | N | N | Y | N | Y |
Start or stop instances | N | N | Y | Y | N | Y |
Change log level of instances | N | Y | N | Y | N | Y |
View instance's log files (download the whole file) | N | N | Y | Y | N | Y |
View environment log files (search for log entries) | Y | Y | Y | Y | Y | Y |
Reboot servers | N | N | Y | N | N | Y |
Control failover | N | N | Y | Y | N | Y |
Set server into maintenance mode (suppress alerts) | N | N | Y | Y | N | Y |
Create new environments and zones | N | N | N | N | N | Y |
Manage groups and users | N | N | N | N | N | Y |
Configure instance settings | N | N | N | N | N | Y |
Configure log settings (size, generations) | N | N | Y | N | N | Y |
Configure log alert patterns | N | N | N | N | N | Y |
Configure notification settings (alerting) | N | N | N | N | N | Y |
Upload software images to the repository | N | N | N | N | Y | Y |
Schedule a software update (update controlled server) | N | N | N | N | N | Y |
Access the nevisAdmin audit log | N | N | N | N | N | Y |
View event messages | Y | Y | Y | Y | Y | Y |
Create and download environment usage reports | Y | Y | Y | Y | Y | Y |
Change user's profile (e-mail/password reset) | Y | Y | Y | Y | Y | Y |