Manage Roles and User Accounts

Manage user access with rights assigned to roles. Then refine access by assigning roles, access permissions, administer groups, and product privileges to each specific user account.
You can manage user access with rights assigned to roles. You can then refine access by assigning roles, access permissions, administer groups, and product privileges to each specific user account:
  • Roles
    Roles, or user account roles, control user access to the functionality and dashboard pages when assigned to user accounts. Based on job functions, roles grant administrative access to product configuration using role rights. Role rights also determine menu visibility (availability). You can grant access to selected custom and predefined menus by editing these role rights. Roles allow users access data and product features that they require to perform their duties. Roles restrict access to functionality that they do not require.
    Roles are shared with registered data sources. Roles determine what users can access in the data source interface when following a drilldown path to a data source. When you add a user, you select a role for the user account. You can edit roles to include new role rights, and disable roles to prevent users with those role assignments from using
    NetOps Portal
    . Use the set of predefined roles to add new users quickly while determining the required customizations.
  • User Accounts
    Custom user accounts let operators view the data, menus, and dashboards that they require to perform their daily tasks. Operators with the administrator role rights can create user accounts and can manage existing accounts. Tenant administrators can manage user accounts only for their own tenant.
    Before you create or edit user accounts, create the custom groups and roles that you require. Groups and roles are among the required parameters for each user account.
In this topic:
Create and Configure a User Account
Place managed items in custom groups before creating user accounts. Assign custom groups to user accounts as "permission groups," which determine the data that each user can view. You can grant selected ownership of a single branch of the Groups tree to a user account with administered groups.
Create any custom roles that you require before creating user accounts. Typically, the predefined roles provide starting points for customization.
Use the following process to create and configure a user account:
  1. Log in as an administrator user.
  2. Confirm that the appropriate groups exist, or create them if necessary. User account parameters include the groups that the user can view. They also include one or more groups that the user can manage. The Administer Groups Owned by You role right allows users without full administrative rights to manage a specific branch of the Groups tree.
  3. Confirm that the appropriate user account roles exist, or create them if necessary.
  4. Add a user account, which includes:
    • Assigning a user account role to it.
    • Assigning permission groups to it. By default, new user accounts do not have access to groups. Their dashboards populate only after you assign one or more permission groups.
    • Assigning group ownership to it. This allows the user to create and modify groups in a branch of the Groups tree.
      You can assign group ownership only to user accounts that have the Administer Groups role right.
    • Granting product privileges to registered data sources.
      For more information about the product privileges that are available for registered data sources, see Product Privilege.
  5. Test the user account by temporarily proxying it.
Example: New User Account
To understand user account parameters, consider an example. A Data Center Manager at your company is responsible for data centers, staff, and infrastructure in the Southwest region.
Follow these steps:
  1. Create a group named Southwest.
  2. Add managed items to this group.
    Include all the routers, switches, applications, and servers that comprise the Southwest region.
  3. Create a custom role that includes the functionality and menus that the Data Center Manager requires.
    The Data Center Manager is not a network engineer. This user does not drill in to detailed data in the data sources. To manage the team, this user requires the ability to create dashboards and assign them to the roles of the team members.
    This user only requires the menus that contain high-level Management and Operations dashboards.
  4. Add the user account. Select the following items:
    • The custom Data Center Manager role.
    • The permission groups containing the managed items within the Southwest group that the Data Center Manager wants to monitor.