Managing users on the SES Evolution administration console
Users access the console with their Microsoft Windows accounts, which must be in the same Active Directory domain as the backend component. If this is not the case, a trust relationship must be established between the domains.
By default, only the super administrator specified during installation can log in to the administration console. He/she can then add other users or groups of users who will be able to log on in turn.
NOTE
If you rename the Windows account of this super administrator, make sure that you have created a user beforehand with the new name in the SES Evolution administration console. Otherwise you will not be able to log in to the console. For further information, refer to the section Adding users on the administration console.
Each user or group is assigned a role that defines their profile and restricts the functionalities available in the administration console. Three roles are available by default: Audit, Helpdesk and Administration. New roles can also be created and customized.
EXAMPLE
You can create an AdministratorsSES Evolution group in Active Directory, add it to SES Evolution, and assign it the Administration role. In this case, all users in the group will automatically have administrative privileges in the SES Evolution console. You will not need to add them individually.
Multiple users can log on simultaneously to consoles managing the same pool.
Only a user with the Administration role is authorized to add other users.
- Choose the Backoffice > Users menu, then the Roles tab.
- Click Edit in the top banner, then click on Create role.
- Enter a name for the role and its description if necessary.
- Click on OK. The new role appears in the list. The most restrictive privileges are applied by default.
- For each privilege, choose the type of access that you want to grant. Every privilege corresponds to a panel in the administration console. By default, only the panels Deployment, Dashboard and Licenses are accessible.
The Lock privilege makes it possible to break locks set up by other users on panels in the console. For more information on locks, see the next section.
Only a user with the Administration role is authorized to add other users or groups.
- Choose the Backoffice > Users menu, then the Users and groups tab.
- Click on Edit in the top banner, then on Add in the Users or Groups area.
An empty line is displayed.
- You can:
- Click on the icon to the right of the line to select a user/group in the Active Directory.
- Manually enter an Active Directory user name/group using the syntax DomainName\samAccountName for a user, and samAccountName for a group.
- Enter a local user name manually.
SES Evolution checks the validity of the user/group and displays its status on the right. Hover your mouse over the icon in the Status column to obtain more information.
- Select the role to assign to the user/group:
- Audit: This role makes it possible to view all panels in the console and edit the settings of the user’s own account, but no other modification or deployment operations are possible. This role is dedicated to log reading and agent monitoring.
- Help desk: This role holds the same privileges as the Audit role. In addition, it allows the user to respond to challenges and unlock locked operations. This role is dedicated to the maintenance of the SES Evolution pool.
- Administration: This role makes it possible to perform all operations accessible in the administration console without restrictions.
- Custom role
- In the Group area, sort the groups by priority using the arrows in the Order column. If a user belongs to more than one group, he or she is assigned the role of the group with the highest priority.
If a user is declared individually AND via a group, the individual user role is assigned.
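Added example (not part of the SES Evolution documentation or product code): a short Python model of the precedence rules above, useful when reviewing who actually ends up with the Administration role. Account names, group names and memberships are constructed, and treating the first group in the list as the highest priority is an assumption.

```python
# Model of the role-precedence rules described above (added example).
# All accounts, groups and memberships below are constructed sample data.

# Groups as ordered in the console's Order column.
# Assumption: index 0 is the highest priority.
GROUP_ORDER = [
    ("SES-Helpdesk", "Help desk"),
    ("SES-Admins", "Administration"),
    ("SES-Auditors", "Audit"),
]

# Users declared individually in the Users area.
INDIVIDUAL_ROLES = {r"CORP\alice": "Audit"}

# Group membership as it could be exported from Active Directory.
MEMBERSHIP = {
    r"CORP\alice": {"SES-Admins"},
    r"CORP\bob": {"SES-Admins", "SES-Helpdesk"},
    r"CORP\carol": {"SES-Admins", "SES-Auditors"},
    r"CORP\dave": set(),
}


def effective_role(user, individual=INDIVIDUAL_ROLES,
                   groups=GROUP_ORDER, membership=MEMBERSHIP):
    """Return (role, source); (None, None) means the user cannot log in."""
    # Rule 1: an individual declaration wins over any group.
    if user in individual:
        return individual[user], "individual"
    # Rule 2: otherwise the highest-priority group the user belongs to decides.
    for group, role in groups:
        if group in membership.get(user, set()):
            return role, group
    return None, None


def shadowed_admins(individual=INDIVIDUAL_ROLES,
                    groups=GROUP_ORDER, membership=MEMBERSHIP):
    """Members of an Administration group whose effective role is different."""
    admin_groups = {g for g, role in groups if role == "Administration"}
    return sorted(
        user for user, member_of in membership.items()
        if member_of & admin_groups
        and effective_role(user, individual, groups, membership)[0] != "Administration"
    )


if __name__ == "__main__":
    for account in sorted(MEMBERSHIP):
        print(account, effective_role(account))
    print("Admin-group members without the Administration role:", shadowed_admins())
```

With this sample data, bob receives the Help desk role even though he is in the Administration group, because the help desk group is ordered above it, and alice's individual Audit declaration overrides her group membership.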
Multiple users can simultaneously manage the same pool from different hosts.
When a user modifies any of the following resources, they will automatically be locked and no other users can modify them:
- Agent groups,
- Policies,
- Groups of agent handlers.
The entire panel is then locked, i.e., all agent groups, all agent handler groups, all policies or all users. For example, user 1 cannot modify policy A while user 2 modifies policy B.
New groups or new policies cannot be added either while a panel is locked.
When a user saves or cancels changes, the panel will automatically be unlocked if there are no more objects being edited in this panel.
If a user attempts to modify a locked panel, a message appears in the upper banner indicating which user locked the panel and since when. The user therefore cannot modify anything.
However, if the user’s role includes the Lock - Unlock privilege, the user can then break the lock on the panel using the Break the lock button that appears in the upper banner. This feature is particularly useful when, for example, a resource accidentally remains in edit mode.
As this operation releases the panel and cancels the other user’s changes in progress, it must be used carefully. In this case, the user who held the lock first will be warned when s/he attempts to save changes.
To break the lock on a panel if you hold the privilege:
- Click on Break the lock in the upper banner.
- Confirm the operation in the window that appears.