User Management

Note

This section applies to SpectX Server.

Roles

SpectX Server implements three roles with regards to user rights: Administrator, UserAdmin and User.

The Administrator role is assigned by Administrator setting in the user properties dialog in the “Admin - Users and Groups” view. Administrator has rights to:

  1. Supervise managed datastores.
  2. Manage Users and Groups.
  3. Access System status management view.
  4. Manages Access Control to user files stored in SpectX Server.

UserAdmin role is granted by assigning a user to group defined by userAdminGroup configuration setting. UserAdmin has rights to:

  1. Manage Users and Groups, except for Administrator users.

The user role does not have rights to any of the above.

In larger organizations, the roles of managing source data (collection/storage) and writing analytics queries may be separated. In the case when analysts should not have direct access to data then they should be assigned User roles and respective datastores should be placed into the System folder.

When you want to isolate the roles of data structure definition and analytics then defined patterns should be placed into the System folder. Use the views to accomplish both data access and structure isolation.

Further customization of access rights can be done using access control lists.

Managing Users and Groups

Administrator role has the right to create, modify and delete user accounts, groups, external group mappings.

These settings can be accessed in the UI by clicking the Admin - Users and Groups.

Note

Deleting a user account does not remove any logs associated with the users’ activity or the user-created files in the Resource Tree.

Warning

Removing a user does not enforce closing active sessions. After removing a user, administrators can confirm that a user is not still remotely logged into SpectX Server by clicking System Status > Loggedin Users in the Data Store Pane.

User Account Properties

  • Username: - The name of the user.
  • Full Name - Username shown to other users in groups.
  • Timezone - Timezone for displaying TIMESTAMP and TIMESTAMP_NANO fields. If not explicitly set then operating system timezone is used.
  • New Password - For changing user password.
  • Re-enter Password - For changing user password.
  • API Access Key - API access key for Authentication.
  • Groups - The groups that the user is assigned to.
  • Editor Keymap - Enables the configuration of hotkey shortcuts.

Groups

Groups are used to assign access control permissions for users. Access control lists accept groups defined locally in SpectX Server or obtained from external identity management systems (such as Integrated Windows Authentication or SAML SSO).

Under the Admin - Users and Groups/Groups administrator role can define local groups.

Mapping External Groups

The Active Directory group SID can be mapped to a friendly name. Mapped groups can be used in defining access control permissions.

The Administrator role can use Admin - Users and Groups/External Groups to define mappings.