Tutorial - Creating Users and Assigning Roles and Permissions

Owned by
Former user (Deleted)
Last updated: Nov 29, 2022 by
IT Stonebranch
Version comment
3 min read

Introduction

In this exercise, we will create some users related to the Operations and Tech Support departments created in the Creating Business Services tutorial.

We also will assign access and management rights via user roles and Universal Controller permissions:

  • Roles are pre-defined groups of permissions that control access to users, reports (filters), gauges, bundles, and promotions.
  • Permissions control who can add, change, delete and control Controller tasks, task instances, triggers, Agents, calendars, and credentials.

Create New Users

In this exercise, we will create a new user and assign different permissions to it.
 

Step 1

From the Administration navigation pane, click Security > Users. The User list displays.

Step 2

Click the New button to display empty User Details for a new user and enter / select the following values:

Step 3

Click the Save button, log out of the Controller and then log in as user1.

Step 4

Click on several areas of the user interface. Since user1 has not been assigned any permissions, user1 can view only a limited number of lists and records, and cannot create, modify, or delete any records.

Step 5

Log out of the Controller and log in as ops.admin.

Step 6

Open the user1 record and click the User Roles tab.

Step 7

Click Edit.

Step 8

Move the ops_admin role to the Roles List and click Save to provide user1 with full administrative permissions.
 

Step 9

Click the User tab and then click the Update button.

Step 10

Log out and log back in as user1 to verify that user1 has the same permissions as ops.admin.

Step 11

Log out and log back in as ops.admin, open the user1 record, and remove the ops.admin role.

Step 12

Click the Permissions tab, click the New button, and in the Permissions Details select the following values:

  • Type = Task
  • Create = enabled
  • Read = enabled
  • Update = enabled
  • Commands = Launch
  • Unassigned to Business Service = disabled
  • Member of Business Services = Tech Support
     

Step 13

Click Save, log out of the Controller, and log in as user1.

Step 14

user1 now will be able to see the tasks assigned to the Tech Support group, and launch those tasks. However, user1 cannot see them on the Activity Monitor because user1 was not given permissions on Task Instances.

Assign Permissions to Groups of Users

In this exercise we will assign our last user to a group, then assign permissions to the group instead of to the user.
 

Step 1

Open the user1 record .

Step 2

Click the Member of Groups tab to display a list of groups that user1 belongs to.

Step 3

Click the New button to display Group Details for a new group.

Step 4

In the Name field, enter Group1, and then click the Save button. The Member of Groups list now shoes Group1.

Step 5

Open Group1 and click the Permissions tab to display the list (currently empty) of permissions for Group1.

Step 6

Click the New button and on the Permissions Details, enter / select the following values:

These permissions provides all users in the Group1 full permissions on all activity (task instances) related to the Operations Business Service. Any users you assign to Group1 will inherit these permissions.
 

Step 7

Click Save, log out, and then log in as user1 to check the permissions.



For additional information, see: