Setting Up User Permissions
The eiDashboard can be configured with additional users. This page covers creating users and setting permissions.
Log into the eiDashboard
Log into the eiDashboard using the username and password set in the eipSettings.conf file.
Go to Security > Capabilities
On the left panel, click on the “Security ” link. Then select the “Capabilities” tab near the top right corner of the page.
This page is used to set up permissions for users. The page is made up of four panels:
- The Capability panel lists the currently configured capabilities. New capabilities can be added, and existing capabilities can be edited or deleted.
- The Component Access Rules panel shows the component restrictions for the capability. This can be used to limit a user to only some interfaces and routes.
- The Api Access Rules panel shows the actions that can be performed. This can be used to give a user the ability to enable and disable routes, create other users, access logs, etc.
- The Page Access Rules panel shows the pages that can be accessed.
Create a New Capability
In the Capability panel, click on the purple plus icon to add a new capability. In the Add Record dialog, enter the following:
Name: Dashboard User
Description: Regular Dashboard User
Then click on the Submit button.
The Capability list will be updated to include the newly created capability.
Grant Access to All Interfaces
- Ensure that the “Dashboard User” capability is selected by clicking on its row in the Capability table.
- Click on the blue “gears” icon in the Component Access Rules panel.
- Select the “ROOT” component.
- Click on the Submit button.
This will grant access to all interfaces and routes.
Note: Only selected components will be visible on the user’s Dashboard, Interface Status, Transaction Logs, and Configuration pages.
Grant API Rights
Click on the “gears” icon in the Api Access Rules panel. In the dialog select “logs”, “dashboard-user”, and “route-management”. Then click on the Submit button.
This will give the user the ability to view the log files, access the core functionality of the eiDashboard, and enable/disable routes.
Note: This panel also limits the rights to the eiPlatform REST API. Rights to individual API methods can be granted by clicking on the purple plus icon and entering in a regular expression.
Grant Page Access Rights
Click on the blue “gears” icon in the Page Access Rules panel. Select “dashboard”, “interface-status”, “runtime”, “configuration”, and “eiplogs”. Then click on the Submit button.
Each of the check boxes corresponds to a page in the eiDashboard. Selecting a page will allow the user to go to that page. API rights may also need to be granted to allow the user to perform actions on the page.
Add a User
- Click on the Users tab (located near the top right corner of the page).
- Under the Users panel, click on the purple “plus” icon to add a user.
- In the dialog, enter the name “test”, the password “test”, and the full name “Test User”.
- Click on the Submit button.
This will create a new “test” user. Capabilities can be granted to individual users by selecting the desired capabilities in the “Capability” table. The capabilities can also be granted to groups of users as shown below.
Add a Group
- Click on the “Add group” icon to add a new group of users.
- For the “Name”, enter “Dashboard Users”.
- In the Capability list, select the “Dashboard User” capability that was created previously.
- In the Users list, select the newly created “test” user
- Click on the Submit button to create the new group.
The “Group” functionality provides a way to grant capabilities to a collection of users in one place. Users can be included in multiple groups. Users that are members of multiple groups will have all of the capabilities of each of those groups. In other words, capabilities are additive.
Login as User
Click on the orange “Log out” button (located near the top right corner of the page). Then log back in as the “test” user (username: test, password: test). Notice that the user has limited access.