Configuring User Policies

Download this manual as a PDF file

In SL1, user policies allow you to define a set of user account properties and permissions to re-use for multiple user accounts. When you create a user account, you can use a user policy to quickly apply settings to the new user account.

User policies have a dynamic relationship with their member user accounts. When you make a change to a user policy, the user accounts associated with that user policy are automatically updated.

In this example, a single user policy is defined that grants customer-level access to the system. When a new customer is provisioned, the user policy is used to create a user account for the new customer.

Use the following menu options to navigate the SL1 user interface:

  • To view a pop-out list of menu options, click the menu icon ().
  • To view a page containing all of the menu options, click the Advanced menu icon ().

Using the Default User Policies

SL1 includes a set of sample user policies that are created when SL1 is installed. These sample user policies are intended as a starting point for you to create a set of user policies to meet your needs. If you edit the sample user policies, your changes will not be overwritten when you upgrade SL1.

The sample user policies use a sample set of access keys. An access key is a customized group of privileges that allow a user to perform actions in SL1. Each privilege, called an access hook, typically grants a single action, such as viewing a specific page or editing a specific entity.

Access hooks are grouped into access keys for easier management and alignment with users. SL1 includes 28 sample access keys by default. Similar to the default user policies, these access keys are intended as a starting point for you to create a set of access keys to meet your needs. If you edit the sample access keys, your changes will not be overwritten when you upgrade SL1.

This example uses the default "End User" user policy, which grants limited, view-only access to the user interface. This user policy was designed primarily to be used by customers of service providers.

The "End User" user policy is assigned access keys that allow associated users to:

  • Use the basic user tools, including the Finder tool and User Preferences
  • View, create, and add notes to tickets
  • View dashboards that other users have shared with them
  • View their organization record and user accounts associated with their organization
  • View performance data and events for their devices
  • View data about IT Services that other users have shared with them

The following sections describe how you can customize the default "End User" user policy and the default access keys to meet your needs.

Editing a User Policy

To edit a user policy, including removing or adding permissions, perform the following steps:

  1. Go to the User Policies page (Registry > Accounts > User Policies). The page displays the default user policies and any additional user policies that have been configured in SL1.
  2. Click the wrench icon () for the user policy you want to edit. For this example, edit the "End User" user policy. The User Policy Properties Editor page is displayed. Some fields have been disabled in the default user policies; disabled fields appear grayed out in the User Policy Properties Editor page. When you disable a field in a user policy, that field can be edited on a per-user account basis for all user accounts that are associated with the user policy. For example, if you are using a single user policy for multiple customers, you would leave the Organization field disabled; you would align each customer account with the corresponding customer organization when you create their user account. To enable or disable a field, select the field name.
  3. To customize the user policy, you can edit the value in one or more fields in this page. A common customization is adding and removing access keys. The right pane in the User Policy Properties Editor page lists all the access keys in the platform; select the checkboxes for the access keys that you want to grant to your customers. You might want to remove some of the default access keys based on your use of SL1. For example, if you are not using the asset management feature, you might want to remove the "Asset - View" and "Asset - Administration" access keys.
  4. Click Save to save your changes.

Editing an Access Key

To change the permissions that are granted by a specific access key, perform the following steps:

  1. Go to the Access Keys page (System > Manage > Access Keys).
  2. Click the wrench icon () next to the access key that you want to edit. For example, select the "Devices - Information View" access key. This access key grants view-only access to performance data and events for devices. The Key/Hook Alignment Editor is displayed.
  3. The Aligned Access Hooks field displays the access hooks that are granted by this access key. The Unaligned Access Hooks field displays all the other access hooks that are available in the platform:
    • To add an access hook to the access key, select the access hook in the Unaligned Access Hooks field, then select the right arrow button (>>).
    • To remove an access hook from the access key, select the access hook in the Aligned Access Hooks field, then select the left arrow button (<<).
    • For example, the "Devices - Information View" includes the Dev:View Profile access hook. This access hook allows a user to view the Profile tab in the Device Reports panel. If you do not want your customers to have access to this tab, select Dev:View Profile in the Aligned Access Hooks field, then select the left arrow button (<<).
  4. Click Save to save your changes.