Granting Administrative Permissions
Depending on the size and organizational requirements of your business, you may need multiple users to manage different aspects of your Longview system. Using Longview Application Administrator, you can grant permissions to users to suit your needs.
There are two ways to grant permissions; you can grant a set of permissions to an individual user, or you can grant a set of permissions to a group. All users in a group are granted the permissions assigned to that group.
Administration rules
There are certain logical rules that apply to users with administrative permissions, in particular to those with permissions to grant administrative permissions to other users.
Assuming the following:
- Joe is a user in groups A, B, and D, and has user administration permissions in group A.
- Alice is a user in groups A and D.
- Tony is a user in groups C and D.
- Mike is a user in group C.
Joe is:
- able to administer user Alice, because they are both in group A together and Joe has user administrative permissions for that group.
- unable to administer Tony, even though they are both in group D, because Joe does not have user administrative permissions for that group.
- unable to administer Mike because they share no groups whatsoever.
Because Joe has user administrative permissions for group A, he can grant Alice administrative permissions for that group as well. He does not have to grant Alice all his permissions for that group, although he may if he chooses to. However, one thing he cannot do is grant Alice any permissions that he himself does not already have (nor can he grant them to himself), and he cannot grant Alice administrative permissions in any group in which he himself does not have user administrative permissions. For example, while Joe, Alice, and Tony are all in group D together, Joe does not have user administrative permissions in that group, and so cannot give them any administrative permissions in that group (note that the exact same rules apply to symbol access and symbol access roles).
If the group in which a user has user administration permissions is the AllUsers group, that user can administer all users in the system. However, that user must still operate within the limits of the permissions he himself has been granted: he cannot grant other users permissions or symbol access that he himself does not possess.
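The rules above can be expressed as a small access-control check, which is useful when reviewing who can administer or escalate whom. This is an added illustration and not Longview code: the User structure, the function names, the flat per-user permission set and the "Root" account are assumptions, while the permission names are taken from the lists on this page.

```python
# Added illustration: a simplified model of the delegation rules, not Longview code.
from dataclasses import dataclass, field

ALL_USERS = "AllUsers"  # system group; every user is always a member

@dataclass
class User:
    name: str
    groups: set = field(default_factory=set)
    admin_groups: set = field(default_factory=set)  # groups where User Administration is held
    permissions: set = field(default_factory=set)   # permissions this user holds

    def __post_init__(self):
        self.groups = set(self.groups) | {ALL_USERS}

def can_administer(admin, target):
    """True if admin holds User Administration in a group both belong to."""
    return bool(set(admin.admin_groups) & admin.groups & target.groups)

def check_grant(admin, target, permission):
    """Return (allowed, reason) for admin granting `permission` to target."""
    if permission not in admin.permissions:
        # Also blocks self-escalation: an admin cannot grant himself what he lacks.
        return False, "grantor does not hold this permission"
    if not can_administer(admin, target):
        return False, "no shared group with User Administration"
    return True, "ok"

def check_delegate_admin(admin, target, group):
    """Return (allowed, reason) for giving target User Administration in `group`."""
    if group not in admin.admin_groups or group not in admin.groups:
        return False, "grantor lacks User Administration in this group"
    if group not in target.groups:
        return False, "target is not a member of this group"
    return True, "ok"

# Constructed sample data matching the scenario above.
joe = User("Joe", {"A", "B", "D"}, {"A"}, {"User Administration", "Reset Passwords"})
alice = User("Alice", {"A", "D"})
tony = User("Tony", {"C", "D"})
mike = User("Mike", {"C"})
# Hypothetical system-wide administrator with User Administration in AllUsers.
root = User("Root", set(), {ALL_USERS}, {"User Administration"})

if __name__ == "__main__":
    for target in (alice, tony, mike):
        print(f"Joe administers {target.name}: {can_administer(joe, target)}")
    print(check_grant(joe, alice, "Start/Stop Servers"))
    print(check_delegate_admin(joe, alice, "D"))
```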
Understanding the AllUsers group
The AllUsers group is a system-created group related specifically to administrative permissions.
The following rules apply to the AllUsers group:
- Users are automatically assigned to the AllUsers group when they are created and cannot be removed from it.
- The AllUsers group cannot be deleted, and the group name and description cannot be modified.
- The AllUsers group is not displayed in the Group list when you sign on to a Longview system.
- In Longview Client, the AllUsers group is a valid user group in only the User Administration and Reset Passwords fields in the Users editor, and the Authorization Group field in the User_Authorization.csv import file.
Granting administrative permissions to a user
This section explains the methods by which you can give users administrative permissions.
Adding administrative permissions to a user
To grant administrative permissions to an existing user directly, follow these steps:
- Open Longview Application Administrator.
- In the Server Explorer pane, expand Users and Groups and select Users. The list of users appears in the Contents window.
- Double-click the user to whom you want to grant administrative permissions. The Properties dialog for that user opens.
- Click the Authorization tab.
- Use the expandable hierarchy in the left panel to choose areas of functionality. As each is selected, the permissions pertaining to it are displayed in the right panel. Select or clear the appropriate check boxes to grant or deny permissions to the user.
This process is highly flexible, and by its nature virtually any permission can be considered administrative in some capacity. However, some permissions can be considered core administrative permissions, because they grant access that is critical to anyone who needs to administer aspects of the system. These include, but are not necessarily limited to, the following:
  - Application Administrator: Allow Access
  - Server Manager: Allow Access, Start/Stop Servers, Turn On/Off Dynamic Calculations
  - Users and Groups - Groups: Group Administration
    Note: Users may have symbol access for the Administrator Role to be able to perform Group Administration.
  - Users and Groups - Users: User Administration, Reset Passwords, Select Groups (for which the user will have administration)
    Note: Groups are unavailable if the user is not a member. Groups must have symbol access for the Administrator Role to be able to perform User Administration.
- When you have finished adding permissions to the user, click OK.
For more information on the complete range of available permissions, see Creating Users.
Adding a user to an administrative group
To grant administrative permissions to an existing user by adding that user to a group with administrative permissions, follow these steps:
- Open Longview Application Administrator.
- In the Server Explorer pane, expand Users and Groups and select Users. The list of users appears in the Contents window.
- Double-click the user to whom you want to grant administrative permissions. The Properties dialog for that user opens.
- Click the Groups tab. A list of the available groups appears.
- Select a group that has administrative permissions to add the user to that group.
- Click OK. The user is added to the group and inherits the administrative permissions of the group.
Granting administrative permissions to a group
This section explains the methods by which you can give groups administrative permissions.
Note: To create a new group instead, follow the steps listed in Creating Groups.
Adding permissions to a group
To grant administrative permissions to an existing group, follow these steps:
- Open Longview Application Administrator.
- In the Server Explorer pane, expand Users and Groups, and select Groups. The list of groups appears in the Contents window.
- Double-click the group you want to work with. The properties dialog opens.
- Click the Authorization tab.
- Use the expandable hierarchy in the left panel to choose areas of functionality. Permissions for each category are listed in the right panel. Select or clear the appropriate check boxes to grant or deny permissions to the group.
This process is highly flexible, and by its nature virtually any permission can be considered administrative in some capacity. However, some permissions can be considered core administrative permissions, because they grant access that is critical to anyone who needs to administer aspects of the system. These include, but are not necessarily limited to, the following:
  - Application Administrator: Allow Access
  - Server Manager: Allow Access, Start/Stop Servers, Turn On/Off Dynamic Calculations
  - Users and Groups - Groups: Group Administration
    Note: Users may have symbol access for the Administrator Role to be able to perform Group Administration.
  - Users and Groups - Users: User Administration, Reset Passwords, Select Groups (for which the user will have administration)
    Note: Groups must have symbol access for the Administrator Role to be able to perform User Administration.
- When you have finished adding permissions to the group, click OK.
For more information on the complete range of available permissions, see Creating Groups.
Adding users to the group
To add users to the group and provide them with its administrative permissions, follow these steps:
- Open Longview Application Administrator.
- In the Server Explorer pane, expand Users and Groups, and select Groups. The list of groups appears in the Contents window.
- Double-click the group to which you want to add users. The Properties dialog opens.
- Click the Users tab.
- Select the users you want to add to the group.
- When you are finished adding users, click OK.