Difference between revisions of "UM::User Management"

From NetXMS Wiki
m (Text replacement - "^" to "{{deprecated}}")
 
{{DISPLAYTITLE:User Management}}
{{deprecated}}Information moved to documentation: https://www.netxms.org/documentation/adminguide/user-management.html

= Introduction =
NetXMS has its own user database. All NetXMS user accounts are stored in the backend SQL database. Each account has its own unique login name and identifier. The account may also have a password.

= Terms and Definitions =
 
== Users ==
 
NetXMS has the following attributes for users:
* Unique identifier
* Unique login name
* First name
* Last name
* Description
* Authentication method
* Password
* Certificate
 
Not all attributes are mandatory.
 
=== Superuser ===
 
NetXMS has a built-in superuser with ID 0, which always has full access to the system. The default login name for the superuser is '''admin'''. The superuser account can be renamed or disabled, but cannot be deleted.
 
== Groups ==
 
Each user can be a member of several groups. Groups are the preferred way to organize access permissions. You should always grant permissions to groups instead of individual users. That way you will get a much shorter access control list, which is easier to handle. Access rights from multiple groups are combined to calculate effective user access rights.
 
== System Access Rights ==
 
System access rights are used to grant access to system-wide configuration (like [[UM:Event_Processing#Event_Processing_Policy|Event Processing Policy]]) and functions (like agent registration). The following system access rights can be granted:
 
{| class="wikitable"
|-
! Access Right !! Description
|-
| Access server console || Allow user to access server's debug console.
|-
| Configure event templates || Allow user to configure event templates.
|-
| Configure object tools || Allow user to configure object tools.
|-
| Configure server actions || Allow user to configure server actions.
|-
| Configure situations || Allow user to configure [[UM:Event_Processing#Situations|situations]].
|-
| Configure SNMP traps || Allow user to configure SNMP trap mapping.
|-
| Control user sessions || Allow user to see active user sessions and force terminate them.
|-
| Delete alarms || Allow user to delete alarms from database.
|-
| Edit event processing policy || Allow user to edit [[UM:Event_Processing#Event_Processing_Policy|Event Processing Policy]].
|-
| Edit server configuration variables || Allow user to edit server configuration variables.
|-
| Manage agent configurations || Allow user to create, edit, and delete agent configurations stored on server.
|-
| Manage packages || Allow user to install, remove, and deploy agent packages.
|-
| Manage server files || Allow user to upload files to server and delete files stored on server.
|-
| Manage script library || Allow user to manage scripts in Script Library.
|-
| Manage users || Allow user to manage user accounts. Please note that a user with this access right can modify their own account to grant it any other system right.
|-
| Read server files || Allow user to read files stored on server and upload to agents (user still needs appropriate object rights for upload).
|-
| Register agents || Allow user to register NetXMS agents.
|-
| Send SMS || Allow user to send SMS via NetXMS server. This access right has no effect unless the server configuration variable '''AllowDirectSMS''' is set to 1.
|-
| View audit log || Allow user to view audit log.
|-
| View event log || Allow user to view event log.
|-
| View event templates configuration || Allow user to view configured event templates.
|-
| View SNMP trap log || Allow user to view SNMP trap log.
|}
 
== Object Access Rights ==
 
Object access rights control access to NetXMS objects. Permissions given to an object are inherited by all child objects, unless specifically blocked by turning off the "Inherit access rights from parent object(s)" option in the object's access control properties. Permissions given at different levels of the object tree are combined to form the effective user rights for the object.
 
The following object access rights can be granted:
 
{| class="wikitable"
|-
! Access Right !! Description
|-
| Access control || Modify access control list for this object. Please note that a user with this access right can grant any other access rights to their own account.
|-
| Acknowledge alarms || Acknowledge alarms with this object as source.
|-
| Control || For node objects, execute object tools of type "Remote Command".
|-
| Create child objects || Create child objects (or bind existing) under this object.
|-
| Delete || Delete this object.
|-
| Modify || Modify object's properties (except access control).
|-
| Push data || Push data for DCIs on this object.
|-
| Read || View object in the tree and read its information. For node objects, read access allows viewing collected DCI data.
|-
| Send events || Send events on behalf of this object.
|-
| Terminate alarms || Terminate alarms with this object as source.
|-
| View alarms || View alarms with this object as source.
|}
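
The following is an added example, not NetXMS code: a small Python model of the rules stated under Groups and Object Access Rights (rights from the user and all of their groups are combined, rights flow down the object tree unless inheritance is turned off, and "Access control" lets its holder grant themselves anything). The user names, group names, object names and data layout are constructed for illustration and do not reflect the NetXMS database schema.

```python
# Constructed model of the rules described above; not NetXMS code or its schema.
ALL_RIGHTS = frozenset({
    "Access control", "Acknowledge alarms", "Control", "Create child objects",
    "Delete", "Modify", "Push data", "Read", "Send events",
    "Terminate alarms", "View alarms",
})

# Hypothetical sample data: user -> (id, groups); object -> parents, inherit flag, ACL.
USERS = {"admin": (0, set()), "alice": (1, {"NOC", "Network"}), "bob": (2, {"NOC"})}
OBJECTS = {
    "Infrastructure": {"parents": [], "inherit": True,
                       "acl": {"NOC": {"Read", "View alarms"}}},
    "Core": {"parents": ["Infrastructure"], "inherit": True,
             "acl": {"Network": {"Modify", "Acknowledge alarms"}}},
    "Vault": {"parents": ["Core"], "inherit": False,   # inheritance switched off
              "acl": {"bob": {"Read", "Access control"}}},
    "hsm-1": {"parents": ["Vault"], "inherit": True, "acl": {}},
}

def effective_rights(user, obj):
    """Union of rights granted to the user or their groups, at every inherited level."""
    uid, groups = USERS[user]
    if uid == 0:                      # built-in superuser always has full access
        return set(ALL_RIGHTS)
    node = OBJECTS[obj]
    principals = {user} | groups
    rights = set()
    for principal, granted in node["acl"].items():
        if principal in principals:
            rights |= granted
    if node["inherit"]:               # walk up unless inheritance is blocked here
        for parent in node["parents"]:
            rights |= effective_rights(user, parent)
    return rights

def can_self_escalate(user, obj):
    """'Access control' lets the holder grant any other right to their own account."""
    return "Access control" in effective_rights(user, obj)

def audit():
    """List (user, object) pairs whose rights are effectively unlimited on that object."""
    return sorted((u, o) for u in USERS if USERS[u][0] != 0
                  for o in OBJECTS if can_self_escalate(u, o))
```

In this sample, blocking inheritance on "Vault" removes alice's rights there, while bob's "Access control" entry on "Vault" carries down to "hsm-1", so both objects show up in the audit for bob.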
 
= User Authentication =
 
== Internal Password ==
 
This is the default method for user authentication. The password provided by the user is compared against the password stored in the NetXMS database.
 
== RADIUS ==
 
If the RADIUS authentication method is selected, the password provided by the user is sent to a [http://en.wikipedia.org/wiki/RADIUS RADIUS] server for validation. The user is granted access if the RADIUS server responds with Access-Accept. Communication between the NetXMS server and the RADIUS server is controlled by the following server configuration variables:
 
{| class="wikitable"
|-
! Variable !! Description !! Default value
|-
| RADIUSNumRetries || The number of retries for RADIUS authentication. || 5
|-
| RADIUSPort || Port number used for connection to primary RADIUS server. || 1645
|-
| RADIUSSecondaryPort || Port number used for connection to secondary RADIUS server. || 1645
|-
| RADIUSSecondarySecret || Shared secret used for communication with secondary RADIUS server. || netxms
|-
| RADIUSSecondaryServer || Host name or IP address of secondary RADIUS server. || none
|-
| RADIUSSecret || Shared secret used for communication with primary RADIUS server. || netxms
|-
| RADIUSServer || Host name or IP address of primary RADIUS server. || none
|-
| RADIUSTimeout || Timeout in seconds for requests to RADIUS server. || 3
|}
 
Changes to these configuration variables become effective immediately and do not require a NetXMS server restart.
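
The table above lists "netxms" as the default shared secret for both RADIUS servers. The following added example (not part of NetXMS) checks a set of overridden variables against those defaults and reports every configured server that still uses the default secret. The sample host names, the sample secret, the minimum-length policy and the way the variables are passed in are assumptions made for the example.

```python
# Defaults as listed in the table above; everything else here is constructed.
DEFAULTS = {
    "RADIUSNumRetries": "5", "RADIUSPort": "1645", "RADIUSSecondaryPort": "1645",
    "RADIUSSecondarySecret": "netxms", "RADIUSSecondaryServer": "none",
    "RADIUSSecret": "netxms", "RADIUSServer": "none", "RADIUSTimeout": "3",
}
# (server variable, secret variable, port variable) for each RADIUS server slot
SLOTS = {
    "primary": ("RADIUSServer", "RADIUSSecret", "RADIUSPort"),
    "secondary": ("RADIUSSecondaryServer", "RADIUSSecondarySecret",
                  "RADIUSSecondaryPort"),
}
MIN_SECRET_LEN = 16   # assumed local policy, not a NetXMS requirement

def audit_radius(overrides):
    """Return (slot, variable, finding) tuples for every configured RADIUS server."""
    cfg = {**DEFAULTS, **overrides}
    findings = []
    for slot, (server_var, secret_var, port_var) in SLOTS.items():
        if cfg[server_var].strip().lower() in ("", "none"):
            continue                  # slot not configured, nothing to check
        secret = cfg[secret_var]
        if secret == DEFAULTS[secret_var]:
            findings.append((slot, secret_var, "default shared secret in use"))
        elif len(secret) < MIN_SECRET_LEN:
            findings.append((slot, secret_var, "shared secret shorter than policy"))
        port = cfg[port_var]
        if not (port.isdigit() and 0 < int(port) < 65536):
            findings.append((slot, port_var, "invalid port"))
    return findings

# Constructed sample: primary server has its own secret, secondary was added
# later and its secret was left at the default.
SAMPLE = {
    "RADIUSServer": "radius1.example.org",
    "RADIUSSecret": "Xq7-constructed-example-secret",
    "RADIUSSecondaryServer": "radius2.example.org",
}

if __name__ == "__main__":
    for finding in audit_radius(SAMPLE):
        print(finding)
```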
 
= Managing User Accounts =
 
All NetXMS user accounts can be managed from "User Manager", accessible via the Configuration menu in the NetXMS Console. Only users who have been granted the system right "Manage users" can access User Manager.
 
* To create a new user account, select "Create new user" from the view menu or context menu.

* To create a new group, select "Create new group" from the view menu or context menu.

* To delete a user account, select it in the list, right-click, and select "Delete" from the popup menu. You can delete multiple accounts at a time.

* To modify the properties of a user or group, select it in the list, right-click, and select "Properties..." from the popup menu.

* To reset a user's password, select the user account in the list, right-click, and select "Change password..." from the popup menu.

Latest revision as of 18:14, 13 September 2022

This Wiki is deprecated and we are currently migrating remaining pages into product documentation (Admin Guide, NXSL Guide)
