4.2 User rights

For normal and restricted users the access rights can be changed in different levels:

·     Site, equipment, measurement: These three objects are in a tree hierarchy. In this tree structure we can choose those items that the user can view. If we appoint an item like this, then all points below it can also be seen by the user. So, if e.g. the user gets the right for the ROOT item (zero level site), then he can view everything. If the user gets the right for one site, then he can see all sites, equipment and measurements below it; but if he gets the right only for the equipment, then he can view only that equipment and its measurements; and if he gets right to the measurement only, then only that measurement can be viewed. It is important to note that the rights can be given only for the base hierarchy; it cannot be given for a virtual site, equipment or public chart, since for these the system calculates the permissions from that of the corresponding base objects. Also the lowest level, the measurement level is only available if the ENABLE_MEASUREMENT_LEVEL_RIGHTS configuration parameter is set to 1.

·     Report: For each individual report the user access can be set independently, that will be later combined with the access rights specified for the related site-equipment, so for instance in a chart containing sites only those rows are displayed for which the user has the rights to see.

·     Threshold: May the user see the threshold violations or not. If he/she can, then the system calculates also the domain of the viewable thresholds automatically based on the privileges of the base object. This entry is missing for the restricted administrators because they have always the right to see (and edit) thresholds.

·     Display deleted: May the user see the deleted objects. This entry is missing for the restricted administrators because they have always the right

·     Diagnostic pages: Whether the user is allowed to use the diagnostic pages found on the Measurement and Alarm pages in the Operation drop-down list when viewing an equipment (for example Oracle session, Netflow analysis, …)

·     Data export functionalities: Whether the use is allowed to export every chart of an equipment into a CSV/Excel file and whether he can configure scheduled equipment or report sending

Restricted administrator cannot get specific right for a measurement, because their rights can only be set at site and equipment level. They also have automatically right for all of the non-object level user rights. However the user needs separate rights for those sites and equipments which he is allowed to modify.

The administration of rights can be reached by choosing Settings => User => User and group rights menu. The restricted administrators need additional configuration for those sites and equipments which he is allowed to modify, these can be set in the “Restricted administrator rights” menu. For modification you have to choose first the user and decide whether the equipments and the measurements should also be included in the list of displayed objects or not. A window appears after this; the rights currently not assigned to the user appear on the left side and the rights assigned to him on the right side. We can select more than one from either of these lists and move them to the other side by clicking on the appropriate arrow and we can also filter both lists by using the filter field above them and clicking on the OK button. The program automatically filters out the elements whose parent – already available in the hierarchy above – is present. So if we mark all basic equipment and sites and move them to the right hand side of the window, then after saving the modification only the ROOT object (the topmost) will remain in the right hand side list. It is obviously recommended that only those elements should be moved that are necessary (will not get removed) to speed up the process of saving.

If we modify an user as a restricted administrators then we can grant right only for those objects for which we have right as well. Later on an administrator can grant more right to the user. However it is important to mention that if the right setting for a restricted administrator is edited (even if there wasn’t any change) then the system automatically checks all users created by that restricted administrator and revokes the right for all objects for which that restricted administrator doesn’t have right.

The user can view certain measurements without any special settings, those that belong to some of the agents. This is true only if the user can view the equipment, and the measurement of the agent is the same as the name of the equipment, or starts with that name and is followed by a space.

The set of visible public virtual sites, pieces of equipment and charts are determined automatically based on the measurement objects accessible by the user. For example:

·       The user can only see a public virtual site if he/she has the right to view its real or virtual parent site

·       The user can view a virtual piece of equipment if he/she has the right to see all charts of that equipment.

·       The user can see a public chart if he/she can view all measurements displayed on the chart.

Figure 13. User rights