I've been tasked with creating a "Guest" view in NPM that shows only the status of WAN sites. Up or Down. Nothing else.
After building the view and limiting the guest account as far as I know how, I still see the Magnifying Search icon, and the Help icon, in the upper right:
When logged in as the guest user, I can click on the magnifying glass and get views and access into FAR too many items inside my NPM solution.
Not quite as bad, the Help link takes the user out to Solarwinds site, but I don't want that to happen at all.
How do I remove the Magnifying glass and the Help icon from a view? Or, how do I limit an account from accessing/seeing/using those to items?
Spoke with SW on this and was told that Multi-tenancy is NOT an architecture SW is based on. Many clients have asked for this feature, and I am told that SW is aware of this issue.
I have had quite a few clients ask for this and we are able to implement it to a limited degree.
We'll have to wait and watch to see if SW becomes multi-tenant.
I don't think there's a way to edit those features out without it impacting all users, and the config wizard would put them back if you ever ran it after cutting them out of the web interface. For your scenario I would probably go into the user account settings and make sure that every kind of details view was set to none like in this screenshot.
Maybe even throw an account limitation on them to only see the group or nodes that should be reflected on that wan site summary page.
Yes, I've made all those restrictions & limitations. Users can open the external node icon & see the network node(s) within, and if they hover they can see more info than I'd like. Including the device's polling IP address. A C-Level person doesn't need that info in my organization.
I'd like to remove this NPM user's ability to hover & see info. aLTeReGo, is that possible?
Happily, when they click on the node, they can't get at it. Instead they see this page:
I'd love to not even have that page show up. There are always those who want more if they can see it's out there, who don't trust why someone would limit their ability to see something. Our IT departments have grown to about 700 people, and in a group that large there are always folks are the flies in the ointment, the sand in the gears. They'll consume more of the Network Team's time by asking the same questions over and over as each one discovers they've been limited. I suspect the same as Directors, Department Managers, C-Levels folks, etc. all learn about this new view of the network status. And there will be some who demand more, when they can't use the information. And the info will generate more questions, ad infinitum.
The two links at the bottom of the Restricted page should also be removable. These people don't need more troubleshooting, should not see the SW KB, and don't have access to support contracts--so why would I give them a link to Contact Support? Is there a way to remove this?
Then the question becomes how to remove the Magnifying Glass Search icon in the upper right. When I test the new view, logged in as the user with absolutely NO rights, that icon lets me get in to see WAY too much. Here I clicked on it and just entered "network":
From there I opened Entity (2) and selected Interface:
That's too much for anyone outside of Networks to see. This info gives them ideas about what ports do what, which switches they're on--just too much. How do I remove this Magnifying Glass, or stop a specific NPM user or AD group from being able to use it?
serena, have you seen this before? How about DanielleH? Is there a way to stop users from getting this far into NPM? All I want them to see is green or red node status, and not be able to search or open other windows from links within the view. Maybe sqlrockstar has this down pat and can share expertise to limit access, when all access on the NPM user's page is locked down 100%?
I have a workaround for you to hide the interfaces and other entities in the search that doesn't require you going off and coding.
This is assuming that you've already deleted from monitoring your Loopback interfaces, but you get the idea and it should work for anything you're trying to hide.
For the user account, set an account limitation of Interface Types and select type Loopback. Essentially, this will hide all the interfaces that you're worried about from appearing in the search (again assuming you're not monitoring loopbacks). You can do a similar trick for volumes by selecting floppy disks etc.
I would say the direction I would take this is to not send the users to NPM directly at all, build a report/dashboard whatever in SQL SSRS using the data from the SW database and don't embed any links or extra features inside of it. You could fairly easily make that into a fully read only interface and have full control of what buttons do or don't exist. In an org with 700 people in IT I expect you already have someone out there who writes SSRS reports all day and could crank that out for you in an afternoon. If you guys have web dev talent on hand you could also have someone pull the necessary data from the API and present it using whatever web languages they like as well.
That's a lovely end runaround--I like it and respect it. You're probably right--I bet there are people within my organization that can do what you suggested.
But since this IS a Solarwinds presentation, NPM Administrators MUST have the ability to get the job done without farming it out to others. Or, at least they must in my ideal Orion world. ;^)
SolarWinds solutions are rooted in our deep connection to our user base in the THWACK® online community. More than 150,000 members are here to solve problems, share technology and best practices, and directly contribute to our product development process.