ThinMan Access Control Requirement
In order to use the ThinMan Access Control it is necessary to have the Admin+ Feature Pack
¶ ThinMan Access Control
ThinMan Access Control allows to define a list of Local/LDAP users that can access ThinMan Local/Remote Console and to set his privileges (in terms of Roles and permissions).
When the ThinMan Access Control is enabled, a login window will appear every time the ThinMan Local Console is opened.
Select the appropriate Member of (ThinManRoot, ThinMan Local User, Domain), enter the Username, its Password and click on OK. For more information, about user configuration, read Local User Configuration and LDAP Server Configuration.
¶ Initial Configuration
Go to menu Tools -> ThinMan Access Control.
In order to activate the ThinMan Access Control, it is necessary to enable the ThinManRoot user, who is the main administrator of the local console, entitled to use all the ThinMan features.
Proceed by clicking on Set Password.
Enter the password and click OK to confirm the operation.
It is possible to change ThinManRoot user password. However, the old password is required.
ThinManRoot Password Warning
Remember the ThinManRoot is the only user that can access all ThinMan functionalities and it is required to open the Local Console. Be careful to save the ThinManRoot password in a secure place since it is not possible to recover it.
ThinManRoot User & ThinMan Remote Console
The ThinManRoot user cannot be used to open the ThinMan Remote Console.
¶ ThinMan Access Permissions Roles
¶ Roles
A Role is a set of features that users and groups are entitled to.
Roles cannot be created but only assigned to users and groups.
There are a lot of predefined roles, and they are strictly connected to the tree on the left side of ThinMan user interface:
- Devices Administrator
- Devices User
- Network Administrator
- Network User
- ThinMan Gateways Administrator
- ThinMan Gateways User
- Classifier Administrator
- Classifier User
- Scheduled Activities Administrator
- Scheduled Activities User
- Event Activities Administrator
- Event Activities User
- Profiles Administrator
- Profiles User
- Smart Identity Administrator
- Smart Identity User
For each tree there are two separated segments, Administrator and User:
- Administrator is entitled to use all features on the relative tree.
- User is entitled only to use a subset of features, and they cannot modify any object in the corresponding tree.
¶ ThinMan Groups Filter
ThinMan Access Control allows configuring which Devices or Groups are visible (or rather manageable) by users.
Whether a user has a Groups Filter associated, he can only manage devices belonging to the configured Devices or Groups. He cannot operate on devices that are outside those configured groups.
Restricting the user access to specific Groups is particularly helpful when many users managed the ThinMan Console. Use this option to avoid interference among ThinMan users.
E.g. Suppose to configure two users named test01 and test02 to act respectively only on the groups DEV and MKT. Once they are logged in the ThinMan console, they can operate only on devices belonging to the group DEV and MKT.
¶ Adding ThinMan Access Permissions Roles
Go to menu Tools -> ThinMan Access Control.
It will be shown the list of all users and groups authorized to access ThinMan Local/Remote Console.
¶ How to add a local user in ThinMan Access Control
Be sure the local user has been previously created (see Options - Local User Configuration).
From the ThinMan Access Control window click on Add.
As Source select ThinMan Local User.
Select a user from the list and click on Next.
Select/unselect the roles assigned to the user (see Roles for a detailed explanation) and click on Next to continue.
From the Group Filter, select Active whether you want the user to visualize only certain groups in the Devices tree. Click on Finish.
Note
ThinMan Groups Filter can be enabled only on users that do not own roles regarding Network, Gateway, Scheduled Activities, Event Activities, Profiles Management and Smart Identity.
The user is now configured with his roles and can now access to ThinMan console. Users or groups with an asterisk ("*") near the role means that the user has a defined Groups Filter.
¶ How to add an Active Directory user or group in ThinMan Access Control
Before adding an LDAP user in the ThinMan Access Control be sure an LDAP Server has been configured (see Options - LDAP Server Configuration).
The procedure is similar to the previous one.
From the ThinMan Access Control window click on Add.
Select as Source Domain:....
If you know the username to be added, write it on Text, otherwise leave it on blank and then click on Search.
Select one of the users and click on Next to continue.
Select/unselect the roles assigned to the user or group (see Roles for a detailed explanation) and click on Next.
From the Group Filter, select Active whether you want the user to visualize only certain groups in the Devices tree. Click on Finish.
Note
ThinMan Groups Filter can be enabled only on users that do not own roles regarding Network, Gateway, Scheduled Activities, Event Activities, Profiles Management and Smart Identity.
The user or the group is now configured with its corresponding roles. These users have now access to ThinMan Local/Remote Console.
The users will be able to access the Local/Remote console with the features assigned to their roles.
