Role Based Access Control
This page reviews the GroundWork Monitor default system users, roles and permissions managed from the Administration menu option.
A users menu options and inventory access is based on their role.
- GROUPS: Roles are assigned access to the inventory for the entities host groups, service groups, and custom groups. This controls what users can see.
- MENU ITEMS: Roles are assigned access to applications via the Menu Editor. This controls which menu items are available to roles.
- USERS: Roles are assigned to users. This determines users access.
Default system users and roles
By default, the GroundWork Monitor system users include admin, operator, and user,
and system roles include Admin, BSM-Admin, BSM-User, Operator, and User. The default system users and roles cannot be deleted.
Groups and roles
Roles can be assigned specific host groups, service groups, and or custom groups. This ability controls which users are able to view which monitors.
Assigning any group type sets a restriction for a role. If a role is left with unrestricted access to any group type, the role gets full access.
This this example, the East Region role and any users assigned this role will be restricted to the host groups DOCK-M:cadvisor and HG2, the service group SG1, and the custom group Docker.
Roles are assigned to users. In the image below you can see the user operator is assigned the role Operator.
Menu items and roles
To control what a user can access, Roles are assigned to menu items.
The Menu Editor feature allows administrators to customize the GroundWork menu by modifying top-level and sub-menu items, and assigning secure access by role. See How to manage menu items for details.
For example, in Administration > Menu Editor, each menu item shows its associated Role(s) which determines access. Access by all roles are indicated by the * symbol.
Clicking the Dashboards folder (from above) displays its sub-level menu options.
The menu options Graphs and Log Analysis have the assigned role of Admin, where the other dashboards are accessible by all roles.
This means all Roles can access the top level Dashboards menu option, however only the Admin role can access the sub-menu options Graphs and Log Analysis.
The table below outlines the GroundWork menu structure listing the top-level options, sub-level components, and the default roles assigned.
For example, the menu folder Administration, has several underlying Components, each with their role Assignment. Users assigned the Admin role can access all Administration menu items, all other roles can only access My Account.
|Administration||My Account, Users, Roles, LDAY, Security, License, Plugins, Audit Log, and Menu Editor.||Admin role is assigned to all components, except My Account is assigned all * roles.|
|Configuration||Nagios Monitoring, Downtime, BSM and SLAs, Auto Discovery, Cloud Hub, Network Discovery, Notifications, Devices, Custom Groups.||Admin role is assigned to all components, except Nagios Monitoring is assigned all * roles, and BSM and SLAs is assigned Admin, BSM-Admin roles.|
Note: All Nagios Monitoring underlying components are assigned Admin role, except Hosts is assigned all * roles.
|Dashboards||Status, Insight, Hit List, NOC Board, Events, SLA Carousel, Graphs, Log Analysis, VMware, Nagios||All * roles are assigned to all components, except Graphs, Log Analysis, and Nagios are assigned Admin role.|
|Reports||SLA Reports, Custom Reports||All * roles are assigned to all components, except SLA Reports is assigned Admin, BSM-Admin roles.|
Adding Certificates to HTTPS (Documentation)
Configuration Files (Documentation)
How to configure LDAP (Knowledge Base)
How to create a new role (Knowledge Base)
How to create a new user (Knowledge Base)
How to manage menu items (Knowledge Base)
How to manage system security (Knowledge Base)
How to track system changes (Knowledge Base)
LDAP Mapping (Documentation)
Menu Editor (Documentation)
NeDi Flowi NetFlow sFlow and packet capture (Documentation)