This discussion has been locked. The information referenced herein may be inaccurate due to age, software updates, or external references.
You can no longer post new replies to this discussion. If you have a similar question you can start a new discussion in this forum.

User vs. Admin - Dashboard Access

I'm a little confused.  I have configured Active Directory authentication for my users and have enabled the automatic creation of user-level accounts.  No problem.  Users log in and should only have user rights.  If a user requires admin access I log in and assign them the Admin role.  Nice and easy, right?

When I log in with my user-level accounts why can they add/remote/change widgets on the dashboard?  Heck, why can they create new dashboards?  I want to be able to give folks the ability to log in and poke around but I don't want them fiddling with dashboards, etc.  I've read the manual (yep, the *whole* thing) and I don't see (or remember) any reference that would solve this issue.

This also impacts the integration into our NPM/SAM environment.  I've had to disable Virtualization Manager Embedded Views as users were able to fiddle with the dashboards after authenticating into the Orion web console.  I don't really want to have to build views with custom HTML for displaying widgets but I will if it means a more secure environment.

Thanks,

Josh

  • It is possible to achieve what you need (to disable editing dashboards for non-admin users):

    By default the dashboards has permissions "Word Writable", which means that anybody can add/edit widgets on the dashboards. You have to change permissions to the dashboards to "World Readable" on the Explore / Content page (you can filter all dashboards - by type; and the edit button is at the bottom left side). After all the dashboards are set to "World Readable" they are not editable by non-admin users (it is not possible to edit widgets or add new widget). More details on the following screenshot:

    dashboard-permission.png

  • Brilliant!  I guess I should have read that manual a little more closely, eh? emoticons_grin.png

  • I've got all the dashboards locked down (thank-you!) but wondering if I can prevent users from creating new dashboards?  Is there any other security that I should look at implementing?

    We have a rather unique environment in that we give every user in the enterprise access to all of the information available in the our monitoring environment.  However without the ability to specify granular controls to the user security classification I don't think that I can do that with VMan.  I guess I could touch every content type (alerts, lists, queries, reports, resource containers, resource profiles, templates and trends) to set them all as world readable but that is tonne of clicking just to set up security.

    Thoughts?

  • Josh

    We can accomplish what you are trying to do by integrating your VMAN instance with you Orion NPM or SAM.  This will provide you with RBAC  and allow you to set group access for an entire component (in this case virtualization) much like the current setup for NPM and SAM. Unfortunatly there is no way to accomplish what you need to do without touching every type of content with out integration enabled.

    The thwack post describes some great integration features and a quick how to and videos.

    Dreams Do Come True: Virtualization Manager 6.0 with Integration with SAM and NPM