
Adding a Security Role

From the Security page, a new role can be created either by building it from the ground up or by cloning an existing role. This topic shows how to create a new role from the ground up. To create a new role by cloning, see Cloning a Security Role.

Log on to the Web Application - Administration tool and then click the Security item in the left menu panel.

This will open the Security page.

On the Security page go to the 'Security Roles' section and click the Add New Role button.

This will open the 'Add New Security Role' page.

Enter a new role name, e.g. 'Power User', and then click the Next button.

This will open the Role Configuration page.

On the Role Configuration page click the Add New User or Group button.

This will open the Add New User or Group page.

To add a new User or Active Directory Group enter the required user or domain group name into the field on this page. It is recommended that the following formats be used:

Group Names

Each Group Name that is added to Role Based Security must be an existing domain group. The users that will have access will be those user names that have already been established under the specified domain group name.

If the group name registered in the Domain controller is longer than 20 characters, then the verification will fail. This is because we use NET.EXE for account verification; refer to https://docs.microsoft.com/en-us/troubleshoot/windows-server/identity/net-add-not-support-names-exceeding-20-characters.

To overcome this, only provide the first 20 characters of the <groupname> in this form.

| Format | Example | Accepted login format |
| --- | --- | --- |
| <domain>\<groupname> | xyz\devgroup | <domain>\<username> and \<domain>.<username> |
| \<domain>.<groupname> | \xyz.devgroup | <domain>\<username> and \<domain>.<username> |
| <groupname> | | Not currently accepted. |
| <machine-name>\<groupname> | terminal-c\devgroup | <machine-name>\<username> and \<machine-name>.<username> |
| \<machine-name>.<groupname> | \terminal-c.devgroup | <machine-name>\<username> and \<machine-name>.<username> |

User Names

When adding a user name, it should be the same 'user name' that the user will enter on the Web Application Login page.

If the user name registered in the Domain controller is longer than 20 characters, then the verification will fail. This is because we use NET.EXE for account verification; refer to https://docs.microsoft.com/en-us/troubleshoot/windows-server/identity/net-add-not-support-names-exceeding-20-characters.

To overcome this, only provide the first 20 characters of the <username> in this form.

| Format | Example | Accepted login format |
| --- | --- | --- |
| <domain>\<username> | xyz\johnp | <domain>\<username> and \<domain>.<username> |
| \<domain>.<username> | \xyz.johnp | <domain>\<username> and \<domain>.<username> |
| <username> | johnp | <domain>\<username> and \<domain>.<username> |
| <machine-name>\<username> | terminal-c\sallyp | <machine-name>\<username> and \<machine-name>.<username> |
| \<machine-name>.<username> | \terminal-c.sallyp | <machine-name>\<username> and \<machine-name>.<username> |

Users or Groups can be added to or deleted from a role at any time after initial creation by editing the role. For details, see Modifying a Security Role.
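The entry formats and the 20-character rule above can be checked before typing names into the form. The following Python sketch is an added example, not part of the product or its documentation: it reduces a name to its first 20 characters and flags distinct accounts that end up as the same entry, which is worth reviewing before a role is granted. The function names, the long group names and the rule of splitting `\<scope>.<name>` at the first dot are assumptions.

```python
NET_EXE_LIMIT = 20  # per the page: names over 20 characters fail verification

# Constructed sample input; only xyz\devgroup appears on the page itself.
SAMPLE = [
    "xyz\\Telephony-Operations-Admins",
    "xyz\\Telephony-Operations-Readers",
    "\\xyz.devgroup",
    "xyz\\devgroup",
]


def parse_account(account: str) -> tuple[str, str]:
    r"""Split <scope>\<name>, \<scope>.<name> or bare <name> into (scope, name)."""
    account = account.strip()
    if account.startswith("\\"):
        # Assumption: <scope> itself contains no dot, so split at the first one.
        scope, _, name = account[1:].partition(".")
        scoped = True
    elif "\\" in account:
        scope, _, name = account.partition("\\")
        scoped = True
    else:
        scope, name, scoped = "", account, False
    if not name or "\\" in name or (scoped and not scope):
        raise ValueError(f"unrecognised account format: {account!r}")
    return scope, name


def _join(scope: str, name: str) -> str:
    return f"{scope}\\{name}" if scope else name


def role_entry(account: str) -> str:
    """Text to enter in the form: the name part cut to its first 20 characters."""
    scope, name = parse_account(account)
    return _join(scope, name[:NET_EXE_LIMIT])


def ambiguous_entries(accounts) -> dict[str, list[str]]:
    """Entries that more than one distinct full account name reduces to."""
    seen: dict[str, set[str]] = {}
    for account in accounts:
        scope, name = parse_account(account)
        # Windows account names are case-insensitive, so compare lowercased.
        full = _join(scope, name).lower()
        seen.setdefault(role_entry(account).lower(), set()).add(full)
    return {e: sorted(full) for e, full in seen.items() if len(full) > 1}
```
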

When complete, click the Add button.

This will re-open the Role Configuration page with the new User/Group name added.

Permissions
In the Permissions section, access to various Web Application functions can be allowed or denied.

Click the radio button against the required permission level for this Role. A new Role will have the permission level set to 'Administration' by default; change this if required.

No Access

No access to the Web Application.

View Systems Only

Access permitted to the 'View Systems' area only. Alerts cannot be acknowledged through the Web Application. Access is denied to the 'Administration' area and administrative tasks cannot be carried out.

View Systems and Acknowledge Alerts

Access permitted to the 'View Systems' area only. Alerts can be acknowledged through the Web Application. Access is denied to the 'Administration' area and administrative tasks cannot be carried out.

Administration

By default, selecting the Administration radio button will give full access to the 'View Systems' area and all functions of the 'Administration' area. However, the checkboxes below will allow (check) or deny (uncheck) access to selected administration functions.

If neither System (Add and Edit) nor System (Edit Only) is selected, then the 'UC & Infrastructure Configuration' section on the Administration main panel will not be available.

System (Add and Edit)

Allows access to add new UC systems for monitoring, list configured systems in the Managed Servers panel and edit or remove any existing monitored systems.

System (Edit Only)

Allows access to list configured systems in the Managed Servers panel and edit or remove any existing monitored systems.

Database

Permission to Start and Stop Databases.

Threshold and CI

Permission to Start, Stop and Edit Thresholds and CI Mapping.

Configuration

Permission to Start, Stop and Edit Configurations.

Remote Credential

Display/hide the Remote Credentials panel.

Navigation

Display/hide the Navigation tab.

Security

Display/hide the Security tab.

Web Reports

Display/hide the Web Reports tab.

Automation

Display/hide the Automation tab.

CRA Create and Update Users

Call Recording Assurance function.

CRA View Users

Call Recording Assurance function.

CRA Delete Users

Call Recording Assurance function.

Customers

This is an optional setting that will restrict the data and alerts that are available to the user. For details, see Adding Customer Selection.

Feature Access

This is a list of features that can normally be accessed by the user from the toolbar buttons on the View Systems tool. When creating a new Role, all features are enabled by default. However, if one or more features are not required for this Role, then they can be disabled by unchecking the adjacent checkbox. For details, see Feature Access using Security Roles.

Home Page

This field is used to set a specific Dashboard as the 'Home' page for users assigned to this particular role. If this field is left blank, the default Home page will be shown. The 'Home' page is displayed when a user logs on to the View Systems tool, or when the Home button on the toolbar is clicked.

Where a user is assigned to multiple roles, a generic 'Home' page should be assigned. For details, see Setting Home Page for Users With Multiple Roles.

Enter the URL of the required home page. To add a URL, open the View Systems tool, navigate to the required dashboard and then copy the URL. When copying the URL, it is recommended that the prefix 'https://<server-address>/Prognosis/Dashboard/' be omitted so that if the webserver address is changed at a later stage, the home page link will continue to function (i.e. add everything after 'Dashboard/').

e.g. CMA%20-%20All%20Clusters%20Central?DefaultNode=Current&Selection=Customer

The Web Browser will add an '&_suid=<number>' field to the URL of each Display. This field can also be omitted when adding a URL.

The Test button can be used to check that the correct dashboard has been added.

After a Home Page has been added, click the Update button.
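The URL trimming described above (omit the 'https://<server-address>/Prognosis/Dashboard/' prefix and the '&_suid=<number>' field) can be done mechanically. This Python sketch is an added example, not part of the product or its documentation; the host name and _suid value in the sample are constructed, and matching the prefix case-insensitively is an assumption.

```python
from urllib.parse import urlsplit

# Path prefix this page recommends omitting (the server address precedes it).
DASHBOARD_PREFIX = "/prognosis/dashboard/"
SESSION_PARAM = "_suid"  # browser-added field the page says can be omitted

# Constructed sample: the dashboard part is the page's example, the rest is made up.
SAMPLE_URL = (
    "https://monitor.example.com/Prognosis/Dashboard/"
    "CMA%20-%20All%20Clusters%20Central"
    "?DefaultNode=Current&Selection=Customer&_suid=1234"
)


def home_page_value(copied_url: str) -> str:
    """Reduce a copied dashboard URL to the value for the Home Page field."""
    parts = urlsplit(copied_url.strip())
    path = parts.path
    if parts.netloc:
        # Absolute URL: keep only what follows 'Dashboard/'.
        if path.lower().find(DASHBOARD_PREFIX) != 0:
            raise ValueError(f"not a dashboard URL: {copied_url!r}")
        path = path[len(DASHBOARD_PREFIX):]
    if not path:
        raise ValueError("no dashboard name after 'Dashboard/'")
    # Filter the raw query string so the original percent-encoding is kept.
    kept = [
        field for field in parts.query.split("&")
        if field and field.split("=", 1)[0] != SESSION_PARAM
    ]
    return path + ("?" + "&".join(kept) if kept else "")
```

A value that is already relative passes through unchanged apart from losing its `_suid` field, so the function is safe to run on whatever was pasted.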

Navigation View

This feature is used to set what systems the user can see in the Navigation Panel of the View Systems tool.

The 'Show Navigation' checkbox provides an option to hide the navigation tree on the user interface. When this field is checked, the user will see the navigation tree on the left side of the user interface. When unchecked, the user will only see the data Display, and navigation will be limited to the links provided on that Display.

The drop-down list box will show any Navigation Views that have already been configured. Select one of these, or click the Configure Navigation Views button to create a new view.

After a Navigation View has been assigned, click the Update button.

When complete, click the Back button. The new role will be added to the Security Roles list.
