4 Replies Latest reply on Oct 7, 2014 8:09 AM by chrispaap

    User vs. Admin - Dashboard Access


      I'm a little confused.  I have configured Active Directory authentication for my users and have enabled the automatic creation of user-level accounts.  No problem.  Users log in and should only have user rights.  If a user requires admin access I log in and assign them the Admin role.  Nice and easy, right?


      When I log in with my user-level accounts why can they add/remote/change widgets on the dashboard?  Heck, why can they create new dashboards?  I want to be able to give folks the ability to log in and poke around but I don't want them fiddling with dashboards, etc.  I've read the manual (yep, the *whole* thing) and I don't see (or remember) any reference that would solve this issue.


      This also impacts the integration into our NPM/SAM environment.  I've had to disable Virtualization Manager Embedded Views as users were able to fiddle with the dashboards after authenticating into the Orion web console.  I don't really want to have to build views with custom HTML for displaying widgets but I will if it means a more secure environment.





        • Re: User vs. Admin - Dashboard Access

          It is possible to achieve what you need (to disable editing dashboards for non-admin users):


          By default the dashboards has permissions "Word Writable", which means that anybody can add/edit widgets on the dashboards. You have to change permissions to the dashboards to "World Readable" on the Explore / Content page (you can filter all dashboards - by type; and the edit button is at the bottom left side). After all the dashboards are set to "World Readable" they are not editable by non-admin users (it is not possible to edit widgets or add new widget). More details on the following screenshot:



            • Re: User vs. Admin - Dashboard Access

              Brilliant!  I guess I should have read that manual a little more closely, eh?

              • Re: User vs. Admin - Dashboard Access

                I've got all the dashboards locked down (thank-you!) but wondering if I can prevent users from creating new dashboards?  Is there any other security that I should look at implementing?


                We have a rather unique environment in that we give every user in the enterprise access to all of the information available in the our monitoring environment.  However without the ability to specify granular controls to the user security classification I don't think that I can do that with VMan.  I guess I could touch every content type (alerts, lists, queries, reports, resource containers, resource profiles, templates and trends) to set them all as world readable but that is tonne of clicking just to set up security.