Creating and Managing Access Keys

Download this manual as a PDF file

This section describes the layout and functionality of the Access Keys and Access Hooks pages, and includes step-by-step instructions on how to create an Access Key.

Use the following menu options to navigate the SL1 user interface:

  • To view a pop-out list of menu options, click the menu icon ().
  • To view a page containing all the menu options, click the Advanced menu icon ().

This section includes the following topics:

The Access Hooks Page

To navigate to the Access Hooks page, go to System > Manage > Access Hooks:

Viewing the List of Access Hooks

The Access Hooks page (System > Manage > Access Hooks) displays a list of all Access Hooks in SL1. For each Access Hook, the page displays the following:

To sort the list of access hooks, click on a column heading. The list will be sorted by the column value, in ascending order. To sort by descending order, click the column heading again.

  • Category. Functional category assigned to the Access Key.
  • ID. Alphabetic ID that describes the access hook. These IDs have a uniform format. The first part of the ID (up to the first underscore character) describes the functional area in SL1. For example "AST_" stands for Asset Management and "DASH" stands for dashboards. The remaining parts of the ID further describe the location in SL1 and the actions allowed with the Access Hook. For example "CRED_SNMP_ADDREM" means that the Access Hook affects credentials, specifically SNMP credentials, and allows the user to add and remove SNMP credentials.

  • Name. Name of the Access Hook.
  • # Aligned Keys. Number of Access Keys that the Access Hook is aligned to. Clicking on the padlock icon () displays the Access Key Alignment modal page, which displays the list of aligned Access Keys for this hook.
  • Description. Description of the Access Hook.

NOTE: By default, the cursor is placed in the first Filter-While-You-Type field. You can use the <Tab> key or your mouse to move your cursor through the fields.

The Access Keys Page

To navigate to the Access Keys page, go to System > Manage > Access Keys:

Viewing the List of Access Keys

The Access Keys page (System > Manage > Access Keys) displays a list of all Access Keys that have been created. For each Access Key, the page displays the following:

To sort the list of Access Keys, click on a column heading. The list will be sorted by the column value, in ascending order. To sort by descending order, click the column heading again.

  • Name. Name of the access key.
  • Category. Functional category assigned to the key.
  • # Aligned Users. Number of user accounts that have been granted this key.
  • # Aligned Policies. Number of user policies that have been granted this key.
  • Description. Description of the access key.

NOTE: By default, the cursor is placed in the first Filter-While-You-Type field. You can use the <Tab> key or your mouse to move your cursor through the fields.

Default Access Keys

SL1 includes default Access Keys to use with the most common user profiles and the most common tasks in SL1. These default Access Keys are intended as a starting point for administrators to develop a set of access keys that meet their needs. You can edit the default Access Keys; the default Access Keys excluding Grant All are not modified when a system is updated with the latest software. The Grant All key is always updated to include all Access Hooks excluding "Key Manager"

You can use the default Access Keys and user policies to assign groups of users the appropriate Access Keys. For details on user policies, see Organizations and Users.

You are not required to use the default access keys.

Access Key Description Aligned Access Hooks Useful For
Asset - View Allows users to view asset records.

Asset:View

Registry>Assets>Manager

Registry>

Customers

Help Desk

Other staff who require view-only access to Asset Records

Asset - Administration Allows users to create, edit, and delete asset records.

Asset:Add

Asset:Edit

Asset:Remove

Asset:View

Registry>Assets>Manager

Custom Select Objects:Asset Add/Edit/Delete

Registry>

Network Engineers

System Administrators

NOC Staff

Provisioning Staff

Support Engineers

Implementation Engineers

QA Analysts

Dashboard - Administration Allows users to create, edit, and delete dashboards.

Dash:Add/Rem

Dash:Add/Rem Shared

Dash:Edit

Dash:Edit Shared

Dash:Share

Dash:View

Dash:View Shared

Dash:Widget:Add/Rem

Dash:Widget:Edit

Network Engineers

System Administrators

NOC Staff

Provisioning Staff

Support Engineers

Implementation Engineers

QA Analysts

Dashboard - View Grants view access to shared dashboards

Dash:View

Dash:View Shared

Customers

Help Desk

Other staff who require view-only access to Dashboards

Dashboard - Widget Developer Grants create and edit permissions for dashboards and permission to create and edit widget definitions

Dash:Add/Rem

Dash:Edit

Dash:Share

Dash:View

Dash:View Shared

Dash:Widget:Add/Rem

Dash:Widget:Edit

System>Customize>Dashboard Widgets

Content Developers

Devices - Information View

Grants view access to device configuration, performance data, and device events.

Dev:Events Summary

Dev:IF Graphs

Dev:Performance Graphs

Dev:View Profile

Dev:View Summary

Registry>Devices>Device Manager

Registry>

Customers

Help Desk

Other staff who require view-only access to Devices

Devices - Operator Access Grants view access to all information associated with a device and allows a user to run device toolbox commands

Dev:Collections

Dev:Events Summary

Dev:IF Graphs

Dev:Interfaces

Dev:Logs

Dev:Monitors

Dev:Notes

Dev:Performance Graphs

Dev:Process View

Dev:Remove

Dev:Schedule

Dev:Thresholds

Dev:Tickets

Dev:Tools

Dev:Tools:ARIN  Whois

Dev:Tools:ARP Lookup

Dev:Tools:ARP Ping

Dev:Tools:Deep Port Scan

Dev:Tools:FTP

Dev:Tools:Forward DIG

Dev:Tools:Ping Tool

Dev:Tools:Port Scan

Dev:Tools:Reverse DIG

Dev:Tools:SNMP Dump

Dev:Tools:SNMP Walker

Dev:Tools:SSH

Dev:Tools:Secure Web

Dev:Tools:Telnet

Dev:Tools:Terminal

Dev:Tools:Traceroute

Dev:Tools:Web

Dev:Tools:Web Policy

Dev:Topology

Dev:View

Dev:View Details

Dev:View Profile

Dev:View Services

Dev:View Summary

Registry>Devices>Device Components

Registry>Devices>Device Manager

Registry>Devices>Hardware

Registry>Devices>Processes

Registry>Devices>Services

Registry>Devices>Software

Registry>Devices>Device Relationships

Network Engineers

NOC Staff

Devices - Administration Grants view, edit, and delete permissions for devices, device groups, device templates, monitoring policies, and interfaces

DevGroup:Add/Rem

DevGroup:Edit

DevGroup:View

Registry>Devices>Groups

Dev:Collections

Dev:Edit

Dev:Edit Class

Dev:Events Summary

Dev:IF Graphs

Dev:Interfaces

Dev:Logs

Dev:Monitors

Dev:Notes

Dev:Performance Graphs

Dev:Process View

Provisioning Staff

Support Engineers

Implementation Engineers

QA Analysts

Devices - Administration (continued)

Dev:Redirects

Dev:Remove

Dev:Schedule

Dev:Template:Add/Remove

Dev:Template:Edit

Dev:Template:View

Dev:Thresholds

Dev:Thresholds:Dynamic App

Dev:Thresholds:Retention

Dev:Tickets

Dev:Tools

Dev:Tools:ARIN  Whois

Dev:Tools:ARP Lookup

Dev:Tools:ARP Ping

Dev:Tools:Deep Port Scan

Dev:Tools:FTP

Dev:Tools:Forward DIG

Dev:Tools:Ping Tool

Dev:Tools:Port Scan

Dev:Tools:Reverse DIG

Dev:Tools:SNMP Dump

Dev:Tools:SNMP Walker

Dev:Tools:SSH

Dev:Tools:Secure Web

Dev:Tools:Telnet

Dev:Tools:Terminal

Dev:Tools:Traceroute

Dev:Tools:Web

Dev:Tools:Web Policy

Dev:Topology

Dev:View

Dev:View Details

Dev:View Profile

Dev:View Services

Dev:View Summary

Registry>Devices>Device Components

Registry>Devices>Device Manager

Registry>Devices>Hardware

Processes Registry>Devices>

Registry>Devices>Services

Registry>Devices>Software

Registry>Devices>Templates

Registry>Devices>Device Relationships

Registry>

Networks:Interfaces:Edit

Networks:Interfaces:View

Registry>Networks>Interfaces

Monitor:Add/Rem

Monitors:Edit

Registry>Monitors>Domain Name

Registry>Monitors>Email Round-Trip

Registry>Monitors>SOAP-XML

Registry>Monitors>SSL Certificates

Registry>Monitors>System Processes

Registry>Monitors>TCP-IP Ports

Registry>Monitors>Web Content

Registry>Monitors>Windows Services

Grant All Grant all access rights that are allowable for Users (non-Administrators), excluding the ability to edit Access Keys

All Key Hooks except Key Manager

ScienceLogic Administrators
Basic User Privileges Grants access to the finder and preferences tab

Finder

Preferences>

Preferences>Account>Information

Preferences>Account>Preferences

Preferences>Account>Schedule

All users
PowerPack Administration Grants create edit and import permissions for PowerPacks

PowerPack:Create

PowerPack:Delete

PowerPack:Edit

PowerPack:Import

System>

System>Manage>PowerPacks

Content Developers

Provisioning Staff

Implementation Engineers

Provisioning Access Grants add, edit, and remove permissions for credentials and allows a user to run discovery sessions

Cred:Basic:Add/Rem

Cred:Basic:Edit

Cred:DB:Add/Rem

Cred:DB:Edit

Cred:SNMP:Add/Rem

Cred:SNMP:Edit

Cred:SOAP:Add/Rem

Cred:SOAP:Edit

System>Manage>Credentials

Discovery:Run

System>

System>Manage>Discovery

Provisioning Staff

Support Engineers

Implementation Engineers

QA Analysts

Admin Portal UI Access Grants access to the ScienceLogic web interface

Admin Portal Access

All users

Events - View Grants view and acknowledge access to events

Event:Acknowledge

Event:Kiosk

Event:View (From Dev Properties)

Event:View (From Org Page

Events/Event:View

Customers

Help Desk

Other staff who require view-only access to Events

Events - Advanced Grants view acknowledge and clear access to events

Event:Acknowledge

Event:Clear

Event:Kiosk

Event:Reacknowledge

Event:View (From Org Page

Events/Event:View

Network Engineers

NOC Staff

IT Services - View Grants view access to IT Services

Registry>

IT Service:View

Registry>IT Services>IT Service Manager

Customers

Network Engineers

System Administrators

NOC Staff

IT Services - Administration Grants add edit and remove permissions for IT Services and IT Service Dashboards

Registry>

IT Service Dashboard:Add/Rem

IT Service Dashboard:Edit

IT Service:Add/Rem

IT Service:Edit

IT Service:View

Registry>IT Services>IT Service Dashboards

Registry>IT Services>IT Service Manager

Provisioning Staff

Support Engineers

Implementation Engineers

QA Analysts

Org / User / Vendor - View Grants view access to organizations, user accounts, external contacts, and vendors

Org:Logs:view

Org:Note:View

Org:Print Report

Org:View

Org:View summary

Registry>Accounts>Organizations

Registry>Accounts>User Accounts

Registry>Accounts>Vendors

User:Print Report

User:View

Vendor:Notes

Vendor View

Customers

Help Desk

Other staff who require view-only access to Organizations, Users, and Vendors

Org / User / Vendor - Administration Grants add, edit, and remove permissions for organizations, user accounts, external contacts, and vendors

Custom Select Objects:Organization Add/Edit/Delete

Custom Select Objects:User Account Add/Edit/Delete

Org:AddRem

Org:AltLocations:Edit

Org:Edit

Org:Logs:Clear

Org:Logs:View

Org:Notes:Add/Rem

Org:Notes:Edit

Org:Notes:View

Org:Print Report

Org:View

Org:View Summary

Registry>Accounts>Organization

External Contact:Add/Rem

External Contact:Edit

External Contact:View

External Contact:View (From Org Page)

Registry>Accounts>External Contacts

Registry>Accounts>User Accounts

Registry>Accounts>Vendors

User:Add/Rem

User:Edit

User:Edit (From Org Page)

User:Print Report

User:View

Vendor:Add/Rem

Vendor:Edit

Vendor:Edit Notes

Vendor:Notes

Vendor:View

Provisioning Staff

Support Engineers

Implementation Engineers

QA Analysts

Org / User / Vendor - Operator Grants view access to organizations, user accounts, external contacts, and vendors and the ability to add and edit organization and vendor notes

Org:Logs:View

Org:Notes:Add/Rem

Org:Notes:Edit

Org:Notes:View

Org:Print Report

Org:View

Org:View Summary

Registry>Accounts>Organization

Registry>Accounts>User Accounts

Registry>Accounts>Vendors

User:Print Report

User:View

Vendor:Edit Notes

Vendor:Notes

Vendor:View

ScienceLogic Administrators

Network Engineers

System Administrators

NOC Staff

Reporting - Run Quick Reports Grants permissions to run quick reports

Reports>

Reports>Create Report>Quick Report

Customers

Help Desk

Other staff who require view-only access to Quick Reports

Reporting - Administration Grants permissions to run and schedule reports as any user and view archived reports

Reports:Jobs:Add/Rem

Reports:Jobs:Edit

Reports:Jobs:Run As Any User

Reports:Jobs:Run As Org User

Reports:Schedule

Reports>

Reports>Create Report>Archived Reports

Reports>Create Report>Quick Report

Reports>Create Report>Report Jobs

Network Engineers

NOC Staff

Provisioning Staff

Support Engineers

Implementation Engineers

QA Analysts

Reporting - Developer Grants edit permissions for report definitions

Reports>

Reports>Management>Input Forms

Reports>Management>Report Manager

Reports>Management>Report Output Media

Reports>Management>Report Output Styles

Reports>Management>Report Output Templates

Content Developers

Report Developers

Ticketing - End User Grants basic view and create permissions for tickets and allows a user to add notes to a ticket

Ticket:All in Orgs

Ticket:Assign within Queue

Ticket:Create

Ticket:Edit

Ticket:History (per Org)

Ticket:History:View

Ticket:Messaging

Ticket:Notes:Add

Ticket:Reports

Ticket:Statistics:View

Ticketing/Ticket:View

Customers

Help Desk

Other staff who need to create tickets and view tickets only

Ticketing - Operator Grants create view and edit permissions for ticketing

Ticket:Alignment

Ticket:All in Orgs

Ticket:Assign

Ticket:Change Severity

Ticket:Create

Ticket:Edit

Ticket:History (per Org)

Ticket:History: View

Ticket:Messaging

Ticket:Notes:Add

Ticket:Notes:Cloaked

Ticket:Notes:Cloaked:Edit

Ticket:Notes:Edit

Ticket:Reports

Ticket:Statistics:View

Ticket:View Logs

Ticket:View Watchers

Ticket:Watchers:Add/Rem

Ticketing/Ticket:View

Network Engineers

NOC Staff

Provisioning Staff

Support Engineers

Implementation Engineers

QA Analysts

Ticketing - Administration Grants create view and edit permissions for ticketing and allows a user to configure the ticketing system

Registry>

Registry>Ticketing>Custom States

Registry>Ticketing>Email Tickets

Registry>Ticketing>Escalations

Registry>Ticketing>Queues

Registry>Ticketing>Templates

Ticket:Access All

Ticket:Access All Queues

Ticket:Alignment

Ticket:All queue Members

Ticket:All in Orgs

Ticket:All in queues

Ticket:Assign

Ticket:Assign within Queue

Ticket:Change Severity

Ticket:Charge Back Services

Ticket:Create

Ticket:Customize Forms

Ticket:Delete

Ticket:Edit

Ticket:Escalation:Add/Rem

Ticket:Escalation:Edit

Ticket:Events:Alignment

Ticket:History (per Org)

Ticket:History:View

Ticket:Messaging

Ticket:Notes:Add

Ticket:Notes:Cloaked

Ticket:Notes:Cloaked Edit

Ticket:Notes:Edit

Ticket:Notes:Remove

Ticket:Queue:Edit

Ticket:Queue:View

Ticket:Reports

Ticket:Scheduler

Ticket:Statistics:View

Ticket:Templates:Edit/Add/Rem

Ticket:View Any

Ticket:View Logs

Ticket:View Watchers

Ticket:Watchers:Add/Rem

Ticketing/Ticket:View

Ticketing:States:Add/Rem

Ticketing:States:Edit

Provisioning Staff

Support Engineers

Implementation Engineers

QA Analysts

Creating an Access Key

You can create Access Keys on the Key/Hook Alignment Editor page.

To create an Access Key:

  • To navigate to the Access Hooks page, go to System > Manage > Access Keys.
  • Click the Key Manager button. The Key/Hook Alignment Editor page appears:

  • Supply a value in each of the following fields in the Key/Hook Alignment Editor page:
  • Name. Enter a name in the Name field. This name will be used anywhere a list of Access Keys is displayed.
  • Key Category. Select a category from the Key Category drop down list. Categories are included to help you organize your access keys. Lists of Access Keys are always displayed grouped by category. In addition, Access Keys must be in certain Categories if they will be used to control access to Dashboards, Knowledge Base Articles or Device Groups. For more information, see the Using Access Keys with User Generated Content section.

Caution: Due to security vulnerabilities, ScienceLogic recommends that customers who installed SL1 prior to 8.9.2 disable the Knowledge Base. For details, see the release notes for version 8.9.2 of SL1.

  • Key Description. Enter a description in the Key Description field. The description is displayed on the Access Keys page, and is included to help you organize your Access Keys. The description is also displayed when the mouse is hovered over the Access Key on the Account Permissions and User Policy Properties Editor pages. The description is optional.
  • Select Access Hooks to align with the Access Key using the list of Unaligned Access Hooks and Aligned Access Hooks and arrow buttons (>>, <<). Initially, all Access Hooks will be in the list of Unaligned Access Hooks.
  • To assign an Access Hook to the current Access Key:
  • Highlight one or more Access Hooks in the Unaligned list.
  • Highlight one or more Access Hooks in the Unaligned list.
  • To move Access Hooks from the current Access Key:
  • Highlight one or more Access Hooks in the Aligned select list.
  • Click the arrow button that points left (<<).

You can select multiple Access Hooks at once:

  • To select a range of Access Hooks, click on the first Access Hook, then click on the last Access Hook while holding down the <Shift> key on your keyboard. The Access Hooks you clicked on and all the Access Hooks between them in the list will be selected.
  • To select several Access Hooks, hold down the CTRL key on your keyboard while clicking on them. Mac users should hold down the Command key instead of the CTRL key.
  • To select every Access Hook in a category, click on the red category name.
  • Select the Save button. The message "Save Completed" will be displayed at the top of the screen.
  • If you select the Save button again, any changes made will be applied to the same Access Key. Select the New button if you want to create another Access Key.

Editing an Access Key

To edit an Access Key:

  • Navigate to the Access Keys page (System > Manage > Access Keys).
  • Find the Access Key you want to edit. Click the Key Editor icon () for that Access Key. Alternately, if you are already in the Key/Hook Alignment Editor page, you can select an Access Key to edit from the list of Access Keys displayed on the left side of the page.
  • When you select an Access Key to edit, all the fields in the Key/Hook Alignment Editor page are populated with the current data for the Access Key. You can make changes to the values in one or more fields.
  • After making changes, click the Save button to save your changes.
  • To save your changes as a new Access Key, enter a new value in the Name field and select the Save As button.
  • Clicking the Reset button will reload the fields with the last saved data for the Access Key, without saving any changes from this editing session.

Deleting Access Keys

"Delete Key" is the only option in the Select Action drop down list on the Access Keys page. Perform the following steps to delete Access Keys:

  • On the Access Keys page, click the checkbox () for each Access Key to be deleted.
  • In the Select Action drop down list, select Delete Key.
  • Click the Go button.

NOTE: You cannot delete an Access Key that is currently granted to a user account or user policy. Checkboxes will not be displayed for Access Keys that cannot be deleted.