Managing users on the SES Evolution administration console
Users access the console with their Microsoft Windows accounts which must be on the same Active Directory domain as the backend component. If this is not the case, then a relationship of trust must be established between the domains.
By default, only the super administrator specified during installation can log in to the administration console. This administrator can then create other users who will also be able to log in.
NOTE
If you rename the Windows account of this super administrator, make sure that you have created a user beforehand with the new name in the SES Evolution administration console. Otherwise you will not be able to log in to the console. For further information, refer to the section Adding users on the administration console.
Each user is assigned a role that defines the user’s profile and restricts the features available in the administration console. Three roles are available by default: Audit, Helpdesk and Administration. New roles can also be created and customized.
Multiple users can connect simultaneously to consoles that manage the same pool.
You must hold the Users-Write privilege to be able to create roles.
- Select the Backoffice > Users menu, then the Roles tab.
- Click on Create a role.
- Enter a name for the role and its description if necessary.
- Click on OK. The new role appears in the list. The most restrictive privileges are applied by default.
- For each privilege, choose the type of access that you want to grant. Every privilege corresponds to a panel in the administration console. By default, only the panels Deployment, Dashboard and Licenses are accessible.
The Lock privilege makes it possible to break locks set up by other users on panels in the console. For more information on locks, see the next section.
You must hold the Users-Modify privilege to be able to add users.
- Select the Backoffice > Users menu, then the Users tab.
- Click on Create a user.
- Select the role to assign to this user:
- Audit: this role makes it possible to view all panels in the console and edit the settings of the user’s own account, but no other modification and deployment operations are possible. This role is dedicated to log reading and agent monitoring.
- Help desk: This role holds the same privileges as the Audit role. In addition, it allows the user to respond to challenges and unlocks locked operations. This role is dedicated to the maintenance of the SES Evolution pool.
- Administration: This role makes it possible to perform all operations accessible in the administration console without restrictions.
- Custom role
- Enter the ID of the Windows account in domain_name\user_name format. Ensure that the ID is accurate as checks will not be performed when the ID is entered. Any errors in the account will only be detected when the user attempts to log in.
- Click on Create.
Multiple users can simultaneously manage the same pool from different hosts.
When a user modifies any of the following resources, they will automatically be locked and no other users can modify them:
- Agent groups,
- Policies,
- Groups of agent handlers.
The entire panel is then locked, i.e., all agent groups, all agent handler groups, all policies or all users. For example, user 1 cannot modify policy A while user 2 modifies policy B.
New groups or new policies cannot be added as well when a panel is locked.
When a user saves or cancels changes, the panel will automatically be unlocked if there are no more objects being edited in this panel.
If a user attempts to modify a locked panel, a message appears in the upper banner indicating which user locked the panel and since when. The user therefore cannot modify anything.
However, if the user’s role includes the Lock - Unlock privilege, the user can then break the lock on the panel using the Break the lock button that appears in the upper banner. This feature is particularly useful when a resource accidentally remains in edit mode for example.
As this operation releases the panel and cancels the other user’s changes in progress, it must be used carefully. In this case, the user who held the lock first will be warned when s/he attempts to save changes.
To break the lock on a panel if you hold the privilege:
- Click on Break the lock in the upper banner.
- Confirm the operation in the window that appears.