Users

System > User Security > Users

The Users page creates and deletes user accounts. This page can also assign users to Roles and Scopes when the user account is created.

Users

Each user must be assigned at least one role and one scope. You can assign multiple roles and scopes to a user, but only one role and one scope is active at any one time. The active role and scope are selected using the Role and Scope drop-down lists in the top-right corner of the page. You can reset the user's password, enable/disable user logons and log off users if you have access to these functions.

Master Users vs. Standard Users

A master user is a VSA user that uses a Master user role and a Master scope. The Master user role provides user access to all functions throughout the VSA. The Master scope provides access to all scope data objects throughout the VSA. A Master user role can be used with a non-Master scope, but a Master scope cannot be used with a non-Master role. KServer management configuration and other specialized functions can only be performed by Master role users. Master role users have an additional ability to take ownership of user-defined data objects. The term standard user is sometimes used to indicate a user that does not use a Master user role and a Master scope. When VSA users are listed on a page, a background of two alternating shades of beige designates Master role users. A background of two alternating shades of grey designates non-Master role users.

Master Users

• Any user can be assigned a Master user role and Master scope, if sufficient roletype licenses exist.
• Master role users can view and operate all navigation and control options provided by the user interface.
• Master scope users can view, add, edit or delete all scope data objects: organizations, machine groups, machines, departments, and service desks.
• Masters can add or delete any user, including other master users. Since even a master user can't delete their own account while logged on, the system requires at least one master user be defined at all times.

Standard Users

• A standard role user cannot see roles they have not been granted permission to see.
• A standard scope user cannot see data objects or users they have not been granted permission to see.
• Standard users can create other users, scopes and roles, if given access to these functions.
• A standard user can not grant access privileges beyond the ones the standard user has.
• Standard users, if permitted function access, can only create other standard users, not master users.
• By default, a new standard user inherits the scopes and roles of the standard user that created him.
• If a master user creates a new standard user, the standard user inherits no scopes or roles. Using this method the master user has to manually assign the scopes and roles of the new standard user.

Machine Users

• Machine users use machines with VSA agents installed on them. They should not be confused with VSA users who can logon to the VSA.
• Machine users can click the agent icon on the machine's system tray to see a VSA Portal Access window of functions and data related to that single machine. Portal Access is called Live Connect when accessed from the VSA.
• Access to Portal Access functions are determined by the machine role the machine is assigned to. Managed machines are assigned to the Default machine role by default and have access to all machine user Portal Access functions, unless limited by a VSA user.
• Data object access from the machine is determined by the Anonymous scope. Currently, the only data objects enabled by the Anonymous scope are Service Desk tickets. All other data seen in Portal Access is generated by the machine itself.

Note: Each user can change their own logon name, password and email address using System > Preferences.

Warning: To simplify management and auditing of your VSA, provide each user with their own unique logon name. Avoid using generic logons like User or Admin. Generic logons make it difficult to audit the administrative actions taken by each user.

Creating a New User

1. Click New. The Add User dialog box displays.
2. Complete the fields in the Add User dialog box.
   • Enter a user name.
   • Enter a password in the Password and Confirm Password fields. Passwords are case-sensitive.

     Note: If you would like the system to generate a strong password for you, click Suggest. The new password is automatically entered in the Password and Confirm Password fields. Be sure to write it down before clicking OK and closing the dialog box.

   • Check the Require password change at next logon checkbox to force the user to enter a new password when they first logon.
   • Enter an email address for the new user.
   • Select an Initial Role for new user.
   • Select an Initial Scope for the new user.
   • Optionally enter a First Name and Last Name.
3. Click Save. The new user displays in the middle pane.

Changing an Existing User Record

1. Click a User displayed in the middle pane.
2. Optional Edit the following attributes of the User record:
   • First Name
   • Last Name
   • Email Address
3. Optionally add or remove roles using the Roles tab.
4. Optionally add or remove scopes using the Scopes tab.
5. Optionally change the password by clicking the Set Password button.
6. Optionally force a user to change their password by clicking the Force Password button.
7. Optionally enable / disable user logons by clicking the Enable or Disable buttons.

Set Password

Select a user in the middle pane and click Set Password to change the password for the selected user. Passwords are case-sensitive.

Force Password

Forces a selected user in the middle pane to change their logon the next time they logon.

Enable / Disable

Select a user in the middle pane and click Enable or Disable to enable or disable a selected user's ability to logon to the VSA. This does not affect users already logged onto the VSA. A Disabled column in the middle pane indicates whether a user is prevented from logging on to the VSA.

Log Off

A column in the middle pane indicates whether a user is currently logged on. Select a logged on user, other than yourself, in the middle pane and click Log Off to log off that user. Users are still logged on if they close their browser without logging off. The Minutes of inactivity before a user session expires setting in System > Logon Policy determines when the inactive user sessions are automatically logged off.

Note: See VSA Logon Policies for a summary of functions affecting user logons.

Topic 4576: Send Feedback. Download a PDF of this online book from the first topic in the table of contents. Print this topic.