5.4. User Management

5.4. User Management
Prev	Up	Chapter 5. Using PPEM	Home	Next

5.4. User Management #

5.4.1. Users
5.4.2. User Groups
5.4.3. User Roles and Privileges

Users manage PPEM through the web application. If required, you can group them for centralized management.

User access levels to different operations are determined by user roles. Each user role has a predefined set of privileges. User roles can be assigned to both individual users and groups.

For more information about user roles and privileges, refer to Role-Based Access Control (RBAC) Model.

This section explains how to manage users and user groups. It also includes information about existing user roles and privileges.

5.4.1. Users #

This section explains how to manage users. It includes the following instructions:

Creating a User

In the navigation panel, go to Users.
In the top-right corner of the page, click Add user.
Enter parameters of the new user (parameters marked with an asterisk are required):
- Name.
- Last name.
- Email.
- Login and Password: The user login and password for logging in to the web application.
  The minimum password length is 8 characters.
- Job title.
- Phone.
- Group: The groups to which the user will be added.
  You can also add a user to a group when creating or editing the group.
- Permissions: The user roles that will be assigned to the user.
  To assign a role to a user, click Add role + and select the role. For certain user roles, select the objects to which these roles will grant access.
- PPEM access: Specifies whether the user can log in to the web application.
  Possible values:
  - Active: The user can log in to the web application.
  - Blocked: The user is blocked from logging in to the web application.
    To unblock a user, select Active from PPEM access when editing the user.
Click Save.

Viewing Users

In the navigation panel, go to Users.

The table of users with the following columns will be displayed:

Full name: The name and last name of the user.
Login: The user login for logging in to the web application.
Email.
PPEM access: Specifies whether the user can log in to the web application.
Possible values:
- Active.
- Auto-blocked: The user was automatically blocked from logging in to the web application due to too many failed log-in attempts.
- Blocked: The user was blocked from logging in to the web application by an administrator.
Personal roles: The user roles assigned to the user.
Group: The PPEM groups and LDAP groups to which the user is added.

Editing a User

In the navigation panel, go to Users.
Click next to the user.
Edit user parameters.
Click Save.

Configuring the Automatic User Blocking #

You can specify the maximum number of failed attempts to log in to the web application, after which the user is automatically blocked from logging in again. To do this, use the lifetime.max_failed_login_attempts: maximum_number_of_failed_attempts parameter of the ppem-manager.yml manager configuration file.

Note

Users blocked due to too many failed log-in attempts are not unblocked automatically.

To unblock a user, select Active from PPEM access when editing the user.

Deleting a User

Important

Deleted users cannot be restored.

To delete a user:

In the navigation panel, go to Users.
Click next to the user.
Click Yes, delete.

5.4.2. User Groups #

This section explains how to manage user groups. It includes the following instructions:

Creating a User Group

In the navigation panel, go to Users → Groups.
In the top-right corner of the page, click Create group.
Enter parameters of the new user group (parameters marked with an asterisk are required):
- Name.
- Description.
- LDAP group: The LDAP group that will be associated with the user group.
- Users: The users that will be added to the group.
  You can also add a user to a group when creating or editing the user.
- Permissions: The user roles that will be assigned to the user group.
  To assign a role to a user group, click Add role + and select the role. For certain user roles, select the objects to which these roles will grant access.
Click Save.

Viewing User Groups

In the navigation panel, go to Users → Groups.

The table of user groups with the following columns will be displayed:

Group: The name of the user group.
Description.
LDAP group: The LDAP group associated with the user group.
Actions.
For more information about available actions, refer to other instructions in this section.

Viewing User Group Information

You can view which users are added and which user roles are assigned to the group.

To view information about a user group:

In the navigation panel, go to Users → Groups.
Click → Show details next to the user group.

Editing a User Group

In the navigation panel, go to Users → Groups.
Click → Edit next to the user group.
Edit user group parameters.
Click Save.

Deleting a User Group

Important

Deleted user groups cannot be restored.

Deleting a group does not delete its users but revokes the user roles assigned to them through the group. If required, you can delete users individually or edit them to reassign user roles.

To delete a user group:

In the navigation panel, go to Users → Groups.
Click → Delete next to the user group.
Click Delete.

5.4.3. User Roles and Privileges #

This section describes user roles and privileges. It also includes the following instructions:

For more information about roles and privileges, refer to Role-Based Access Control (RBAC) Model.

User Roles Description #

The following user roles are available in PPEM:

System administrator role has a full set of privileges.
Guest role can view a limited number of objects.
Instance objects administrator role can manage instance objects.
Instance objects viewer role can view instance objects.
Instance administrator role can manage an instance.
Instance PSQL user role can run psql within an instance.
Access administrator role can manage user roles and group roles.
Repositories and packages administrator can manage repositories and packages.

Privileges Description #

User roles can have the following privileges:

privilege_view: Viewing privileges and their descriptions.
role_create: Creating user roles.
role_view: Viewing user roles and their parameters.
role_edit: Editing user roles.
role_delete: Deleting user roles.
user_create: Creating users.
user_view_all: Viewing any users and their parameters.
user_edit_all: Editing any users.
user_delete: Deleting users.
project_create: Creating projects.
project_view: Viewing projects and their parameters.
project_edit: Editing projects.
project_delete: Deleting projects.
notification_create: Creating notifications.
notification_view: Viewing notifications and their parameters.
notification_edit: Editing notifications.
notification_delete: Deleting notifications.
group_create: Creating user groups.
group_view: Viewing user groups and their parameters.
group_edit: Editing user groups.
group_delete: Deleting user groups.
host_create: Creating servers.
host_view: Viewing servers and their parameters.
host_edit: Editing servers.
host_delete: Deleting servers.
agent_create: Creating agents.
agent_view: Viewing agents and their parameters.
agent_edit: Editing agents.
agent_delete: Deleting agents.
instance_create: Creating instances.
instance_view: Viewing instances.
instance_edit: Editing instances.
instance_delete: Deleting instances.
session_view_all: Viewing any user sessions.
session_delete_all: Editing any user sessions.
session_update: Updating user sessions.
command_create: Creating commands.
command_view_all: Viewing any commands.
command_edit_all: Editing any commands.
command_delete_all: Canceling any commands.
instance_object_view: Viewing instance objects and their parameters.
metrics_view: Viewing metrics.
job_create: Creating jobs.
job_view_all: Viewing any jobs.
job_edit_all: Editing any jobs.
job_delete_all: Deleting any jobs.
backup_create: Creating backups.
backup_view: Viewing backups.
backup_edit: Editing backups.
backup_delete: Deleting backups.
datasource_create: Creating data storages.
datasource_view: Viewing data storages.
datasource_edit: Editing data storages.
datasource_delete: Deleting data storages.
maintenance_create: Executing maintenance commands.
instance_service_control: Executing utility commands.
instance_settings_create: Creating instance parameters.
This service privilege allows agents to add instance parameters to the repository database.
instance_settings_view: Viewing instance parameters.
instance_settings_edit: Editing instance parameters.
query_state_read: Executing the pg_query_state command.
logs_view: Viewing logs.
chart_create: Creating graphs.
chart_view: Viewing graphs.
chart_edit: Editing graphs.
chart_delete: Deleting graphs.
chart_group_create: Creating graph groups.
chart_group_view: Viewing graph groups.
chart_group_edit: Editing graph groups.
chart_group_delete: Deleting graph groups.
stat_activity_view: Viewing the pg_stat_activity view statistics.
stat_statements_view: Viewing any SQL statements executed by the server.
overview_view: Viewing the system overview.
tag_create: Creating tags.
tag_view: Viewing tags and their parameters.
tag_edit: Editing tags.
tag_delete: Deleting tags.
progress_stats_view: Viewing pg_stat_progress_* views statistics.
about_view: Viewing the system information.
pgpro_pwr_databases_view: Viewing pgpro_pwr extensions.
pgpro_pwr_servers_delete: Deleting pgpro_pwr servers.
pgpro_pwr_servers_view: Viewing pgpro_pwr servers.
replication_node_create: Creating replication nodes.
pgpro_pwr_servers_add: Adding pgpro_pwr servers.
pgpro_pwr_servers_patch: Installing patches for pgpro_pwr extensions.
stat_locktree_view: Viewing a locktree.
pgpro_pwr_samples_create: Creating pgpro_pwr samples.
pgpro_pwr_samples_get: Viewing pgpro_pwr samples.
pgpro_pwr_samples_delete: Deleting pgpro_pwr samples.
pgpro_pwr_report_create: Creating pgpro_pwr reports.
pgpro_pwr_report_delete: Deleting pgpro_pwr reports.
replication_node_view: Viewing replication nodes.
pgpro_pwr_report_view: Viewing pgpro_pwr reports.
settings_preset_view: Viewing presets.
pgpro_pwr_overview: Viewing the contents of pgpro_pwr reports.
user_roles_edit: Assigning and removing user roles.
group_roles_edit: Assigning and removing user group user roles.
user_groups_edit: Adding and deleting users from groups.
job_run_all: Running any jobs.

Creating a User Role

In the navigation panel, go to Users → Roles and privileges.
In the top-right corner of the page, click Add role.
Enter parameters of the new user role (parameters marked with an asterisk are required):
- System name: The system identifier of the role.
- Name.
- Description.
- Privileges: The privileges that will be associated with the user role.
  For more information about privileges, refer to Privileges Description.
Click Next, and then verify the list of privileges.
Click Add.

Viewing User Roles and Privileges

In the navigation panel, go to Users → Roles and privileges.

The table of user roles with the following columns will be displayed:

Role: The name and system identifier of the user role.
To display the list of names and system identifiers of the privileges associated with the user role, click next to the user role name.
Priveleges: The number of privileges associated with the user role.
Description.
Actions.
For more information about available actions, refer to other instructions in this section.

Editing a User Role

In the navigation panel, go to Users → Roles and privileges.
Click next to the user role.
Edit user role parameters.
Click Next, and then verify the list of privileges.
Click Save.

Deleting a User Role

Important

Deleted user roles cannot be restored.

To delete a user role:

In the navigation panel, go to Users → Roles and privileges.
Click next to the user role.
Confirm the operation and click Delete.

Prev	Up	Next
5.3. System Configuration	Home	5.5. Instances