User administration
Starting with version 3.28, WebControl offers the possibility to manage user rights. User rights are an optional feature, WebControl can be used after installation without setting up user rights without restrictions.
After installation, user rights can only be managed by users with the *SECOFR permission. Logged-in users with this right also always have all possible permissions in WebControl, i.e. the status *SECOFR always overwrites all user rights set in WebControl.
The rights management is always done via roles. In the roles, permissions are defined and the users are assigned to the roles. Users with the user administration or *SECOFR right can call up the user administration via the menu at the top right.
This is divided into two areas: "Roles and Rights" and "Users".
Three roles are predefined and cannot be edited or deleted. Only users can be assigned to them:
- Administrator
Has all user rights including user administration. - Standard user
Has all user rights without user administration. - Monitoring
Only has the rights for the monitoring area and the dashboard. May not execute commands or restart sessions and subsystems.
Additionally own roles can be created.
Managing roles and rights
Roles and Rights shows all available roles, which can be opened by clicking on the entry. On the left side you will then see a tree structure with the user rights, which mainly corresponds to the categories of WebControl with the pages assigned to them. Below the pages you will find the individual permissions for the area.
These authorizations are divided into:
- Call page
Allows you to open the page and view data. This will make the page appear in the navigation and, if necessary, in the context menu. - Create
Allows the creation of new records, as well as the export and import of entries and data. Together with the "Run System → commands" permission, sessions can be re-executed and server entries can be started. - Edit
Allows the editing of entries - Delete
Allows you to delete entries
The user rights can be set by checking the checkboxes, whereby a parent checkbox always changes the authorization for all subordinate areas. The permission "Call page" is always a prerequisite for other permissions in an area and is automatically set as soon as these are selected.
The item "System" contains the item "Execute commands". This permission applies to all pages and controls all processes that call up a System- or i-effect command: Start server entries, re-execute session, import i-effect license, etc.
Under "Settings" you will find permissions for the Settings page, which correspond to the tabbed sections of this page.
The own user rights as well as profiles of users with the special right *SECOFR cannot be changed or deleted.
Name of the role
On the right hand side the name of the role can be changed and saved via the button "Save name".
Active / allow login
If this checkbox is set, users with this role are allowed to login. If this checkbox is unchecked, all users with this role can be blocked at once - if the role is defined as default, no new users without *SECOFR rights can log in.
Assigned users / Add users
A list of all users assigned to the role and the option to add additional users to the role. New users are added using a search box that lists all users available on the system. Only user profiles existing on the system can be added as WebControl users.
A user can never be assigned to only one role and cannot be deleted below a role. It can only be added to another role.
Default profile
A role can be defined as standard. This means that it is automatically assigned to new users who have not yet been added in the user value management when they first log in.
Create role
With the duplicate icon on the right side, a role and its permissions can be duplicated. The same function is available via the "Create role" button, where an existing role must also be selected as a template.
The name of the role is only for overview purposes and can also contain a short description. Create new roles No users are assigned to roles yet.
User
This tab displays all users known to WebControl with their assigned role, special rights and active status. Existing users can be deleted. By expanding the table row, the user can be assigned a different role.
With the checkbox in the column "Active" a user can be deactivated, which prevents him from logging on to WebControl. This is still the only way to prevent a user from logging in permanently. If the user is only deleted, he can still log on again and will have the user role defined as default.
When a user is deleted, all his or her settings such as filters, page layout, etc. are deleted.
Add user
Adds a new user under a selectable role. All profiles available on the system that have not yet been set up in WebControl are displayed for selection.