Skip to main content
Version: 3.8.x.x LTS

Managing users and groups

The Users view within the Administration tab shows the registered user accounts (no.1 in the figure below). You may add and delete users allowed to log in to nevisAdmin if you are a member of the "admin" group. When adding a new user, you must specify an initial user password, too, allowing the user to log in to the nevisAdmin front end (no.2 in the figure).

User management view

Users are authenticated against a local password (per nevisAdmin instance) by default. We recommend changing the default by using user authentication against your LDAP directory server, see the chapter Password verification against LDAP.

info

The user "admin" is a built-in account which is initially used to access the web front-end after the nevisAdmin installation, see chapter Access the web front-end. This user can't be removed, because it is used by nevisAdmin for internal tasks. However, you may deactivate the user by removing his password entry from the /var/opt/nevisadmin/default/nevisadmin/config/keyfile file.

"Groups" are used to grant permissions to environments and zones. Every user may be a member of one or more groups.

Example group view

A group has the following settings (see the figure Example group view above):

  • Members: Defines the users which belong to the group (no.3 in the figure).
  • Environments: Defines the environments the group has access to (no.4).
  • Zones: Defines the zones the group has access to (no.5). Ensure you add all zones which contain objects used by the assigned environments.

Add and remove groups in the overall Groups view. All available groups are listed in the Groups section in the navigation pane of the Adminstration tab (no.2 in the figure above). The special group "admin" (no.1) grants the permission required to create zones and environments as well as to administrate users and groups.

Each group defines one or multiple permissions which is/are granted to all members for the assigned environments and zones.

Example permission settings of the group view

The built-in group called "admin" grants administrative permission to its members.

The following table lists the permissions and the actions they allow:

ReadWriteOperateDeploySoftware updateAdministrate
View objects and attributesYYYYYY
Create new or destroy existing objectsNYNNNY
Modify objects and attributesNYNNNY
Manage key material (per server or per environment)NYNNNY
View/Edit instance and service filesNYNNNY
Export applicationsNYNNNY
Import and copy applicationsNYNNNY
Create configuration revisions (commit)NYNNNY
View differences (files) between revisionsYYYYYY
Set global environment variablesNNNYNY
Deploy configuration revisionsNNNYNY
Restore old configuration revisionsNYNNNY
Manage deployment groupsNYNYNY
Create or destroy instances on the controlled serverNNNYNY
Start or stop instancesNNYYNY
Change log level of instancesNYNYNY
View instance's log files (download the whole file)NNYYNY
View environment log files (search for log entries)YYYYYY
Reboot serversNNYNNY
Control failoverNNYYNY
Set server into maintenance mode (suppress alerts)NNYYNY
Create new environments and zonesNNNNNY
Manage groups and usersNNNNNY
Configure instance settingsNNNNNY
Configure log settings (size, generations)NNYNNY
Configure log alert patternsNNNNNY
Configure notification settings (alerting)NNNNNY
Upload software images to the repositoryNNNNYY
Schedule a software update (update controlled server)NNNNNY
Access the nevisAdmin audit logNNNNNY
View event messagesYYYYYY
Create and download environment usage reportsYYYYYY
Change user's profile (e-mail/password reset)YYYYYY