Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Navigation
Guide That Contains This Content
[+] Expand All
[-] Collapse All

    Creating Users and Groups Using the User Administration Tool

    The User Administration tool allows you to create user groups that share the same view and modify privileges. To access this tool, login to the IP/MPLSView client using the admin user used to install IP/MPLSView (usually wandl). Select Admin > User Administration. The User Administration Tool is displayed.

    The command line interface can also be used to add users into existing user groups.

    Three types of user groups can be added:

    • Full Access (for IP/MPLSView client and optionally Web access).
    • Web Portal (for Web-only users without a Linux login).
    • Web VPN (for Web-only users who can only view particular VPN customer(s).

    Full access users who are given Web access are able to log in to the Web portal using their Linux ID and password.

    Figure 1: User Administration User Groups Tab

    User Administration User Groups Tab

    Click the Green button (left) to add a new group and the Red button (right) to delete a group. Select a group in the left pane to display the privileges for the group in the right pane. To change these privileges, select the privileges that you want to give the group. Note that selecting a row colored gray toggles the selection of all the check boxes for that category. Scroll down to see the access privileges for the web functions.

    Regional Access (Live Network Only)

    Regional permissions can be set up to limit direct access to live routers through IP/MPLSView. For devices outside of the permitted regions, view-only access is provided, and features such as ping, traceroute, show config, and hardware inventory are disabled.

    First create the regions in the top Regions tab. Next, select the User Groups tab, and in the right pane, select the bottom Regions tab. De-select All Regions, and then select the region(s) that can be accessed.

    VPN Access (Live Network Only)

    For Web Portal and Web VPN groups, select the VPN Customers tab to select which VPN Customers to enable for the group. To populate the VPN Customers from the live network, you must first schedule and run a live network task.

    After creating a user group, add users to that group by clicking the Users tab. In the Users tab, click the Green button (left) to add a new user and the Red button (right) to delete a user. To modify a user, double-click the user or select the user and click the Gear button (middle).

    Figure 2: User Administration Users Tab

    User Administration Users Tab

    When specifying the user details, you must either map the user to a pre-existing system User ID (for Full Access users), which can be created as described in Installing the IP/MPLSView Server, Client, Traffic Data Collector, and Rsync Package, or enter a Web password (for Web Portal and Web VPN users). Make sure a password is also created for the system User ID for Full Access users. If it has not been set, the root user can change the password using the passwd userid command and substituting userid with the system User ID. The login to the Web is then the name and the password is the password set for the system user ID.

    In addition to using the GUI interface to perform user administration, you can also add users from text mode using the following:

    /u/wandl/bin/addWandlUser.sh.
    |Usage: addWandlUser.sh: "name" "group" <-u "uid"|-w "webpassword"> [-a
    <Full|Browsing|Restricted|Blocked>] [-e "email"] [-p "phone"] [-i
    "im"] [-d "description"]
    name => mandatory username
    group => mandatory user admin group
    -u linuxloginname => linux user id (mandatory if group is a full access group)
    -w webpassword => password for web user (mandatory if group is a web
    or vpn group)
    -a <Full|Browsing|Restricted|Blocked> => sets access level to one of
    the 4 choices (defaults to Full if not specified for non web/vpn
    group)
    -e email => optional email
    -p phone => optional phone
    -i im => optional im
    -d description => optional description

    Example:

    $ cd /u/wandl/bin
    $ ./addWandlUser.sh lab Administrators -u lab -a Full -d “for test”

    To configure the maximum number of logins per user, edit the /u/wandl/data/.usr/.usercount file, with one line per user to control. The last line is the default maximum number of logins. For example, to configure a maximum of three wandl users, and a maximum of one other user, enter the following:

    wandl 3
    1

    For more details, refer to the IP/MPLSView Java-Based Management and Monitoring Guide.

    Modified: 2016-11-08