This article is applicable to Entuity v20.0.
- For ENA v18.0, please see this article.
- For Entuity 19.0, please see this article.
- For Entuity v21.0, please see this article.
System user groups and user profiles
To set up user group membership
To set user group tool, report and task permissions
To expire the passwords of all users in a selected group
To reset the settings of all users in a selected group to the global settings
To edit the groups to which a user belongs
To specify which servers a user group can see
Recommended best practices for setting up user groups and user permissions across multiple servers
User groups are means to determine the permission level of individual user accounts. You can associate individual user accounts with one or more user groups, and in doing so can meet the varied requirements of different types of users.
User groups need to be set up for all authentication types (internal, external and RSSO) on all servers.
System user groups and user profiles
There are two predefined system user groups:
-
Administrators.
- this group allows users full access to Entuity's functionality.
- you cannot delete the Administrators group, and it must always have at least one member.
-
All Users.
- all user profiles belong to the All Users group.
There are two predefined user profiles:
- admin - a member of both Administrators and All Users.
- user - a member of All Users.
To create a user group:
- In the Main Menu, click Administration.
- Click Account Management. Under the Groups tab on the Account Management page, click Add.
- This opens the Add Group window. Enter a name for the group in the Enter a group name field and click OK to save, otherwise click Cancel.
- The group is then created. By default, all users are excluded from a group when it is first created.
To set up user group membership:
- Under the Groups tab on the Account Management page, click Edit Users.
- This opens the Edit Group Members window. All of the users currently excluded from the group are in the left-hand column (Non-members), whilst all of the users currently included in the group are in the right-hand column (Members).
- To move users between the columns, select the user (or multiple users via the ctrl or shift keys) and click the left or right arrow between the columns.
- Click OK to save, otherwise click Cancel.
To set user group tool, report and task permissions:
Members of the Administrators user group have full access to all Entuity tools, reports, tasks and reports. They also have access to all objects managed by Entuity.
You can assign permissions to users by giving permissions to groups that they are members of. It is through membership of user groups that users gain their permissions. This is done by taking the union of the permissions for all groups the member is a user of. For example, if a user belongs to two user groups, with one permitting access to a function and the other denying access, the user will have access to that function.
- Under the Groups tab on the Account Management page, select the user group you would like to set permissions for, and click Tool Permissions.
- This opens the Tool Permissions window. Tick the boxes for each tool to which you want the users in the user groups to have access to.
- Click OK to save, otherwise click Cancel.
Note, the Administration option does not on the Main Menu if a user does not have any permissions that would populate the Administration page (i.e., if the Administration page would be empty).
The available tool permissions are as follows:
Section | Tool | Description |
---|---|---|
Tools | permissions allow you to control access to Entuity tools. | |
Flow Viewing | Access to dashboards to view flow contents. | |
Flow Management (formerly Flow Inspection in Entuity v19.0 P03 and below) | access to IFA and configuration. | |
Ticker | access to the ticker functionality. | |
Configuration Management Administration | access to configuration management functionality. | |
Configuration Monitor Administration |
access to editing configuration monitor settings, and annotating and favoriting device configurations. This allows you to:
A user with this permission also automatically has access to the functionality enabled by the Configuration Monitor View Config, Configuration Monitor Check Config, and Configuration Monitor Download Config permissions (see below). Retrieved configuration details are associated with their device, so access permissions are granted based on that View membership. Retrieved configuration details are associated with their device, so access permissions are granted based on that View membership. Note, if you are using Entuity v19.0 P03 and earlier, this allows you access to all configuration monitor functionality. |
|
MIB Browser | access to the MIB Browser. | |
Application Monitor | access to application monitor functionality. | |
Annotation Manager | access to annotating managed objects. | |
Trace Route | access to trace route from the Entuity server. | |
Remote Terminal | access to remote terminal. | |
Configuration Monitor View Config | access to viewing and comparing configuration file changes for a device. | |
Configuration Monitor Check Config | access to checking and retrieving configuration files for a device. | |
Configuration Monitor Download Config | access to downloading either the running or startup configuration for a device. | |
Configuration Management Firmware | access to adding firmware to repository, starting and stopping firmware updates, and editing firmware update schedules. | |
Administrator Tools | permissions allow access to functionality available through the UI. | |
Incident Editing | access to incident edit functionality. | |
Object Editing | access to object edit functionality. | |
Multi-Server Administration | access to multi-server configuration functionality. | |
Data Export | access to data export functionality. | |
Event Notification Administration | access to event notification administration functionality. | |
Event Suppression | allows users to manage event suppressions (this is a different mechanism to suppressions defined through Event Administration). | |
Maintenance | allows users to view and edit maintenance schedules. | |
User Defined Polling | access to User Defined Polling functionality | |
View Audit Log | access to the Entuity Audit Log. | |
Entuity Health |
access to the system information functionality:
|
|
Event Administration | access to Event Administration functionality. | |
IP SLA Administration | access to Cisco IP SLA functionality. | |
Dashboard Management | access to dashboard management functionality, including duplicating and editing dashboards and creating custom dashboards. | |
ICMP Monitor | access to ICMP Monitor functionality. | |
License Administration | allows users to add new licenses via the Install New License functionality on the License Health page. | |
Credential Administration | allows users to see and access the Asset Credential Management page, and create and edit credential sets. | |
SurePath Administration | Allows users to see and access SurePath administration pages, and create, edit and delete paths. | |
Webhook Administration | Allows users manage (create, edit and delete) custom webhooks. | |
Reports | set permission report levels. | |
Flex Reports | allows users to build Flex Reports. | |
Report Builder (Requires Reports) | allows users to build new reports via the Report Builder (this also requires the Reports permission). | |
Reports | access to Reports. | |
Menus and Links | permissions allow you to control access to functionality that is enabled via the Custom Menu. The options will depend upon the integrations and modules that are activated. | |
Show Remedy | access to custom menus that are available with the Entuity Remedy AR System Integration. | |
Show User Menus | access to customized context menus. | |
Hide Configuration Tasks | enable to hide the the top-level 'Configuration Management' option from the context menu. This is useful if you have not enabled any other configuration management permissions for the user group, which would result in the 'Configuration Management' context menu option opening to an empty list. | |
Hide Preferences | enable to hide the user's Preferences option in the Main Menu. This is useful to ensure user preferences remain as specified by administrators. | |
Inventory | permissions allow access to Asset Management page, Auto Discovery, and Inventory Snapshots. | |
Inventory Administration | access to functionality available through Managed Assets. | |
Auto Discovery Administration | allows users to run Auto Discovery (also requires Inventory Administration permission). | |
Inventory Snapshots Administration | allows users to take snapshots of the selected View's inventory, which are used with the Inventory Change report. | |
Managed Port Administration | allows users to unmanage ports on a device, and to manage previously unmanaged ports. | |
View Administration | permissions allow you to manage Views. | |
Edit View Filters | access to create, edit and delete View filters. | |
Share Views | allows users to share Views they own with members of selected user groups. | |
Geographical Map | allows users to use Geographical Map functionality. | |
Create Views | allows users to create Views. | |
Service Administration | access to services functionality. |
Please see this article for further help and information on managing reporting permissions.
- Under the Groups section on the Account Management page, select the user group you would like to set permissions for, and click Report Permissions.
- This opens the Report Permissions window. This window lists the available report categories and their constituent reports.
- On each report, click the permission setting to open the context menu, from which you can select one of the following:
Use default | inherits the default report permission. |
No Access | prevents members of the user group accessing the report (unless they are members of another group with this permission). |
View only | members of the user group can view generated reports. |
View and Run | members of the user group can run and view generated reports. |
View, Run and Schedule | members of the user group can schedule, run and view generated reports. |
View, Run, Schedule and Edit | members of the user group can schedule, run, view and edit generated reports. |
This is where you control access to Configuration Management tasks, on a per-task basis. By default, all tasks are set to the default permission. The default permission can be edited.
- Under the Groups tab on the Account Management page, select the user group you would like to set permissions for, and click Task Permissions.
- This opens the Task Permissions window. You can edit the default permission (which is by default set to No Access) in the Default task permission field at the top of the window.
- You can also edit each task's permissions individually.
- The available permissions are as follows:
Use default | inherits the default task permission. |
No Access | prevents members of the user group accessing the task (unless they are members of another group with this permission). |
Run | members of the user group can run and view tasks. |
Run and Schedule | members of the user group can schedule, run and view tasks. |
To delete a user group:
You can only delete custom user groups. You cannot delete the predefined system user groups, which are Administrators and All Users.
When deleting a user group, Entuity also deletes the membership of user accounts to that group, but does not delete the individual user accounts themselves.
- Under the Groups tab on the Account Management page, select the user group you want to delete, and click Remove.
- A deletion confirmation window will open. Click Yes to confirm the delete, otherwise click No.
To expire the passwords of all users in a selected group
- Under the Groups tab on the Account Management page, select the user group for which you would like to expire all passwords. This will take effect the next time the users in the selected group each individually log in. Note, you can only select one group at a time.
- Click Expire Passwords. A confirmation window will open, click Yes to confirm, otherwise click Cancel.
To reset the settings of all users in a selected group to the global settings:
- Under the Groups tab on the Account Management page, select the user group for which you would like to reset the settings to the global settings. Note, resetting to global settings does not reset the user specific settings.
- Click Reset User Settings. A confirmation window will open, click Yes to reset the settings of all users in the selected group to the global settings, otherwise click Cancel.
To edit the groups to which a user belongs:
- Under the Users tab on the Account Management page, select the user for whom you would like to edit group membership.
- Click Edit Groups. This will open the Edit User Membership: <user> window.
- Using the arrow buttons, select and move the user groups between the Available groups column and the Member of column.
- Click OK to save your changes, otherwise click Cancel.
To specify which servers a user group can see:
You can specify the servers that the members of a user group can see. When specified, members of the user group will be restricted to seeing data only from the specified servers.
To specify which servers a user group can see:
- Navigate to the Groups tab on the Account Management.
- Select the user group that you want to edit, and then click Edit Servers to open the Edit Group Servers: <user group> window.
- Select the available servers that you want to move between the Excluded and Included columns. If a server is in the Included column, the user group will have access to data on that server.
- Click OK to save your changes, otherwise click Cancel.
Recommended best practices for setting up user groups and user permissions across multiple servers:
Entuity recommends mirroring configuration across all servers as far as possible. This would require you to create the same user groups on each server, and then add the same permissions to each group on each server. Account Administration can be undertaken through the UI via the steps above, or via Entuity's RESTfulAPI functionality.
However, there are circumstances where you might want to have different permissions per server, for example in the case of MSPs who might want to keep access between customer servers separate. In this case, you will need to go to the individual server and change the permissions there, e.g. turning off permissions for Customer B on Customer A’s server.
Comments
0 comments
Please sign in to leave a comment.