/
Users and Groups

Users and Groups

Owned by Stonebranch (Deactivated)
Last updated: Sept 05, 2023

Overview

You can create any number of users and user groups for Universal Controller, and you can assign any user to any user group.

The roles and permissions that you assign each user and group determines the level of access to Universal Controller functions.

You can assign any role and permission to any user or any user group. If you assign a user to a group, the user inherits all roles and permissions assigned to that group.

See LDAP Settings for information on how to set up Universal Controller to use LDAP authentication for:

Default Users and Groups

Default User

The default Universal Controller user is ops.admin. It is assigned to one of the default Universal Controller groups, Administrator Group.

Default Groups

There are two default groups:

  • Administrator Group has access to all Controller functions; by default, it is assigned the ops.admin role, which has permissions on all Controller functions.
  • Everything Group has access to all functions that do not require the ops.admin role.

Adding a User

Note

You must have administrative permissions to add users.

By default, a new user has no permissions. Until permissions are granted, a user can log into the Universal Controller user interface and view options in the Services, but cannot perform any tasks.
 

Step 1

From the Administration navigation pane, select Security > Users. The Users list displays a list of all currently defined users.
 
To the right of the list, User Details for a new user displays.
 

Step 2

Enter/select Details for a new user, using the field descriptions below as a guide.

  • Required fields display an asterisk ( * ) after the field name.
  • Default values for fields, if available, display automatically.

To display more of the Details fields on the screen, you can either:

  • Use the scroll bar.
  • Temporarily hide the list above the Details.
  • Click the New button above the list to display a pop-up version of the Details.

Step 3

Optionally, assign one or more roles to the user, assign the user to a group, or assign permissions to this user.

Step 4

Click a Save button. The user is added to the database, and all buttons and tabs in the User Details are enabled.

Note

To open an existing record on the list, either:

  • Click a record in the list to display its record Details below the list. (To clear record Details below the list, click the New button that displays above and below the Details.)
  • Clicking the Details icon next to a record name in the list, or right-click a record in the list and then click Open in the Action menu that displays, to display a pop-up version of the record Details.
  • Right-click a record in the a list, or open a record and right-click in the record Details, and then click Open In Tab in the Action menu that displays, to display the record Details under a new tab on the record list page (see Record Details as Tabs).

User Details

The following details identifies the roles and permissions required to read and update user details.

Roles Permissions Fields
  • ops_admin
  • ops_user_admin
  • Read any user.
  • Edit any user.
  • All
  • ops_service
  • Read any user.
  • none
  • Read its own user record (details).
  • Read its own Role, Permissions, and Member of Groups (group membership),
    but cannot read any Group record.
  • Update specific fields in its own details (see Fields).

  • First Name

  • Middle Name

  • Last Name

  • Email

  • Time Zone

  • Title

  • Department

  • Business Phone

  • Mobile Phone


The following User Details is for an existing user. See the field descriptions, below, for a description of all fields that display in the User Details.


 

User Details Field Descriptions

The following table describes the fields, buttons, and tabs that display in the User Details.
 

Field Name

Description

Details

This section contains detailed information about the user.

User ID

Log in ID for this user.

Password

Password of this user.

Note

The hint for this field, as well as the information icon, will display any current characteristics and restrictions for Passwords as defined in Password Settings.

First Name

First name of this user.

Middle Name

Middle name of this user.

Last Name

Last name of this user.

Name

Automatically generated from the First Name and Last Name of this user.

Email

Email address of this user.

Password Requires Reset

If enabled, the user will be prompted to reset the password at next login.

Locked Out

If enabled, locks out the user. This field is enabled automatically if the maximum number of successive failed login attempts has been reached by the user.

Login Method

Login method(s) that the user can authenticate with. You can use the Ctrl key to select multiple methods. Only one of Standard or Standard / Authenticator App (TOTP) can be selected, not both.
 
Options:

  • Standard
  • Single Sign-On
  • Standard / Authenticator App (TOTP)

Time Zone

Time zone of this user. When this user logs in, all scheduling times will be shown in the user's time zone, unless the trigger specifies a different time zone.

Title

Business title of this user.

Department

Business department of this user.

Manager

Business manager of this user.

Business Phone

Business phone number of this user.

Mobile Phone

Mobile phone number of this user.

Web Browser Access

Specifies whether or not the user can log in to the user interface.
 
Options:

  • System Default - User restriction for logging in to the user interface is based on the current system default value of the System Default Web Browser Access Universal Controller system property.
  • Yes - User is not restricted from logging in to the user interface.
  • No - User is restricted from logging in to the user interface.

Command Line Access

Specifies whether or not the user can log in to the Universal Controller Command Line Interface (CLI).
 
Options:

  • System Default - User restriction for logging in to the CLI is based on the current system default value of the System Default Command Line Access Universal Controller system property.
  • Yes - User is not restricted from logging in to the CLI.
  • No - User is restricted from logging in to the CLI.

Web Service Access

Specifies whether or not the user can log in to the Universal Controller RESTful Web Services API.
 
Options:

  • System Default - User restriction for logging in to the Universal Controller Web Services is based on the current system default value of the System Default Web Service Access Universal Controller system property.
  • Yes - User is not restricted from logging in to the Universal Controller Web Services.
  • No - User is restricted from logging in to the Universal Controller Web Services.

Active

If enabled, the user ID is active and the user can log in. If disabled, the user is deactivated; the user will not appear in user lists and cannot be used for access to the Controller.
Personal Access Tokens  This section contains assorted detailed information about the applications that will access the Universal Controller Web Service APIs using the personal access token. 
Expiration  Specifies when the personal access token expires. If left unspecified, the token never expires.
User Impersonation

This section specifies the users that can be impersonated by this user on Universal Controller Web Service requests. 
Allowed Impersonation Users

Specifies the users that can be impersonated by this user using the X-Impersonate-User HTTP header on Web Service requests.

User impersonation requires the ops_user_impersonate role.

Users with the ops_admin role can impersonate any user and do not need to specify Allowed Impersonation Users. 

Metadata

This section contains Metadata information about this record.

UUID

Universally Unique Identifier of this record.

Updated By

Name of the user that last updated this record.

Updated

Date and time that this record was last updated.

Created By

Name of the user that created this record.

Created

Date and time that this record was created.

Buttons

This section identifies the buttons displayed above and below the User Details that let you perform various actions.

Save

Saves a new user record in the Controller database.

Save & New

Saves a new record in the Controller database and redisplays empty Details so that you can create another new record.

Save & View

Saves a new record in the Controller database and continues to display that record.

New

Displays empty (except for default values) Details for creating a new record.

Update

Saves updates to the record.

Delete

Deletes the current record.

Refresh

Refreshes any dynamic data displayed in the Details.

Close

For pop-up view only; closes the pop-up view of this user.

Tabs

This section identifies the tabs across the top of the User Details that provide access to additional information about the user.

User Roles

Allows you to assign roles to this user.

Member of Groups

Allows you to assign this user to one or more groups.

Note

Universal Controller only supports a user being a member of 1,000 groups or less.

Permissions

Allows you to assign permissions to this user.

Adding a Group

Note

You must have administrative privileges to add groups.

A group is a collection of users. You can assign privileges and roles to groups or users. You can also assign groups to other groups.

Any user assigned to a group inherits all roles and permissions assigned to that group.
 

Step 1

From the Administration navigation pane, select Security > Groups. The Groups list displays a list of all currently defined groups.
 
To the right of the list, Group Details for a new group displays.
 

Step 2

Enter/select Details for a new group, using the field descriptions below as a guide.

  • Required fields display an asterisk ( * ) after the field name.
  • Default values for fields, if available, display automatically.

To display more of the Details fields on the screen, you can either:

  • Use the scroll bar.