| |
| master:user [2019/01/18 01:38] – [Identity] Scott Cunliffe | master:user [2025/01/21 22:07] (current) – external edit 127.0.0.1 |
|---|
| To be able to login to a TapeTrack Framework Server, you must have a [[object:user|User-ID]] and password. | To be able to login to a TapeTrack Framework Server, you must have a [[object:user|User-ID]] and password. |
| |
| This section describes how to add a new User-ID and set attributes for that User-ID. | This section describes how to create a new User-ID and set Attributes for that User-ID. |
| |
| |
| ===== Group/User Administration ===== | ===== Group/User Administration ===== |
| |
| On the ''Administration'' drop-down menu in TapeTrack TapeMaster select ''Group/User Administration''. | From the main menu select ''Administration'' -> ''Group/User Administration''. |
| |
| {{:master:tapemaster_user.png}} | <note tip>If the menu option **Administration** is greyed out and inaccessible, you do not have sufficient privileges (tapemaster rights) to add Users</note> |
| | |
| | {{menu_admin_group_user_admin.gif}} |
| |
| To add a new User, right-click in the white space on the User Administration screen and select ''Add''. | To add a new User, right-click in the white space on the User Administration screen and select ''Add''. |
| |
| {{:master:tapemaster_user_add.png}} | {{menu_admin_group_user_admin_add.gif}} |
| |
| To update an existing User, double-click on that User or right-click and select ''Properties''. | To update an existing User, double-click on that User or right-click and select ''Properties''. |
| |
| ===== Identity ===== | ===== Identity ===== |
| | |
| | {{menu_admin_group_user_admin_add_identity.png}} |
| | |
| The ''Identity'' tab provides fields to update the: | The ''Identity'' tab provides fields to update the: |
| * Identity | * **Identity** |
| * ''User-ID'': The User ID will be the user name that the user uses to login to TapeTrack products. | * **User-ID**: The User-ID will be the user name that the user uses to login to TapeTrack products. |
| * ''Name'': The name is the User's desired display name. | * **Name**: The name is the User's desired display name. |
| * Group | * **Group** |
| * Group ID: Select group to assign user to from the drop-down list or [[master:create_group|add new group]]. | * **Group-ID**: Select group to assign user to from the drop-down list or [[master:create_group|add new group]]. |
| * Options | * **Role**: Hierarchical role of the User. |
| * Administrative rights: When set to ''True'' the User will have Administration Rights with Server Administrator privileges or the ability to Add/Delete Customers and Add/Delete Media Types. | * **Options** |
| * Scan-In Only: When set to ''True'' the User will only be able to Scan tapes into the system. | * **Administrative rights**: When set to ''True'' the User will have Administration Rights with Server Administrator privileges or the ability to Add/Delete Customers and Media Types. |
| * Disabled: When set to ''True'' the User's access will be in a disabled status, so that they are not able to access any TapeTrack products. This does not delete the User. | * **Scan-In Only**: When set to ''True'' the User will only be able to Scan tapes into the system. |
| * No Scanner: When set to ''True'' the Barcode Scanning Window will provide an auto-complete drop-down. | * **Disabled**: When set to ''True'' the User's access will be in a disabled status, so that they are not able to access any TapeTrack products. This does not delete the User. |
| * No Time-Out: By default, all User's are logged out of TapeMaster after ten minutes of inactivity. Setting this to ''True'', the selected User will not time out. | * **No Scanner**: When set to ''True'' the Barcode Scanning Window will provide an auto-complete drop-down. |
| * tapemaster rights: When set to ''True'', it allows the User to gain the same administrative rights as the tapemaster superuser account. | * **No Time-Out**: By default, all User's are logged out of TapeMaster after ten minutes of inactivity. Setting this to ''True'', the selected User will not time out. |
| * Certify | * **tapemaster rights**: When set to ''True'', it allows the User to gain the same administrative rights as the tapemaster superuser account. Only the User-ID tapemaster can add tapemaster rights to another user. |
| * AD Domain | * **Allow access inheritance**: Allows User to inherit another User's access rights using variable [[variable:tmssuserinherit|TMSSUSERINHERIT]] with [[cli:introduction|Command Line Utility]] Programs |
| * Require AD Group | * **Certify**: Assigns the ability to [[master:generate_certificate|generate certificates]]. |
| * Client Access | * **AD Domain**: This is required if the User logs on to TapeTrack with their Active Directory Username and Password. |
| * TapeMaster | * **Require AD Group**: When set to ''True'', the User must use their [[https://en.wikipedia.org/wiki/Active_Directory|Active Directory]] credentials to logon. |
| * Lite | * **Client Access** |
| * Checkpoint | * **TapeMaster**: Authorizes User-ID access to TapeMaster |
| * Sync | * **Lite**: Authorizes User-ID access to Lite |
| * Details | * **Checkpoint**: Authorizes User-ID access to Checkpoint |
| * Email Address | * **Sync**: Authorizes User-ID access to Sync software. |
| * Description | * **Details** |
| * Defaults | * **Email Address**: Allows inclusion of user email, which may be used instead of username to log into TapeTrack directly (ie not using Active Directory) |
| * Customer-ID | * **Description**: Add description to User-ID. |
| | * **Defaults** |
| | * **Customer-ID**: Sets Customer-ID for User in Scan-In window. Once Customer-ID is set, Media-ID field will be displayed. |
| | * **Media-ID**: Sets Media-ID for User in Scan-In window. |
| | * **One-Time-Password** |
| | * **Enabled**: Enables the use of 2FA or One time password for login. |
| | * **Activated**: Shows if 2FA or One time password is activated. Activated only displays if Enabled is set to True. |
| |
| |
| | |
| <note important>If using windows Active Domain to log into TapeTrack, the username must match your AD username</note> | <note important>If using windows Active Domain to log into TapeTrack, the username must match your AD username</note> |
| {{:master:tapemaster_user_add_identity.png}} | |
| |
| |
| ===== Group ===== | |
| The ''Group'' tab is where a User is added to a group depending on their role and access required. | |
| * Group: Associates the selected User with a Group. | |
| * Role: Sets the Role for the User. | |
| {{:master:tapemaster_user_add_group.png}} | |
| |
| |
| |
| ===== IP Ranges ===== | |
| |
| The ''IP Ranges'' tab sets restrictions on which IP addresses a User can access the TapeTrack Server from. To add or delete, right-click the window. Global Access (0.0.0.0) will allow access from any IP. | |
| |
| {{:master:tapemaster_user_ip.png}} | |
| |
| ===== Access ===== | ===== IP Ranges ===== |
| The ''Access'' tab sets permissions for which Customers the selected User can access and how that User can interact with Volumes in the selected Customer. | |
| |
| {{:master:tapemaster_user_add_access.png}} | The ''IP Ranges'' tab sets restrictions on which IP addresses a User can access the TapeTrack Server from. |
| * Customer ID: Enter the Customer-ID for the Customer that the User should have access to. | |
| * US01 will give access to US01 only | |
| * US* will give access to all customers starting with US | |
| * * will give access to all customers | |
| * Read: Allows the User to view but not update Volumes in the above Customer. Must be enabled for the User to be able to view Volumes in the selected Customer ID. | |
| * Write: Allows the User to perform basic operations for Volumes in a Customer. | |
| * Alter: Allows the User to Add and Delete Media and Volumes to the selected Customer. | |
| Click ''Add''. | |
| |
| ===== Options ===== | If setting IP's, ensure Users have a static IP address so they are not denied access if trying to access from a dynamic address such as using a remote or home connection. |
| The ''Options'' tab has 3 sections to provide access to additional features of the software. | |
| |
| {{:master:tapemaster_user_add_options.png?474}} | {{menu_admin_group_user_admin_add_ipranges.gif}} |
| ==== Options ==== | |
| In the ''Options'' section is where you can select ''True'' or ''False'' to give that User access to that feature. | |
| |
| * **Administrative rights**: When set to ''True'' the User will have Administration Rights with Server Administrator privileges or the ability to Add/Delete Customers and Add/Delete Media Types. | To add or delete, right-click the window and select from the menu. |
| * **Scan-In Only**: When set to ''True'' the User will only be able to Scan tapes into the system. | |
| * **Disabled**: When set to ''True'' the User's access will be in a disabled status, so that they are not able to access any TapeTrack products. This does not delete the User. | |
| * **No Scanner**: When set to ''True'' the Barcode Scanning Window will provide an auto-complete drop-down. | |
| * **No Time-Out**: By default, all User's are logged out of TapeMaster after ten minutes of inactivity. Setting this to ''True'', the selected User will not time out. | |
| * **Tapemaster rights**: When set to ''True'', it allows the User to gain the same administrative rights as the tapemaster superuser account. | |
| * **Certify**: Assigns the ability to [[master:generate_certificate|generate certificates]]. | |
| * **AD Domain**: This is required if the User logs on to TapeTrack with their Active Directory Username and Password. | |
| * **Require AD Group**: When set to ''True'', the User must use their [[https://en.wikipedia.org/wiki/Active_Directory|Active Directory]] credentials. | |
| |
| | Global Access (0.0.0.0) will allow access from any IP, this value will need to be removed if added a restricted IP list as all values in the list are valid. |
| |
| ==== Client Access ==== | |
| |
| * When any of the ''Client Access'' are set to ''True'', it allows the User to have access to the TapeTrack software that is selected. | ===== Access ===== |
| | The ''Access'' tab sets permissions for which Customers the selected User can access and how that User can interact with Volumes in the selected Customer. |
| |
| Default settings give access to TapeMaster, Lite and Sync. | {{menu_admin_group_user_admin_add_access.gif}} |
| |
| ==== Details ==== | * **Customer-ID**: Enter the Customer-ID for the Customer that the User should have access to. |
| | * US01 will give access to US01 only |
| * Allows inclusion of user email, which may be used instead of username to log into TapeTrack directly (ie not using Active Directory). | * US* will give access to all customers starting with US |
| ==== Defaults ==== | * * will give access to all customers |
| | * **Read**: Allows the User to view but not update Volumes in the above Customer. Must be enabled for the User to be able to view Volumes in the selected Customer-ID. |
| The ''Defaults'' tab sets a User's default [[object:customer|Customer]] and [[object:media|Media Type]] for Barcode scanning. These defaults can be changed in the [[desktop:scan_window|Barcode Scanning Window]] at any point. | * **Write**: Allows the User to perform basic operations for Volumes to the selected Customer. |
| | * **Alter**: Allows the User to Add and Delete Media and Volumes to the selected Customer. |
| {{:master:tapemaster_user_add_defaults.png}} | * **Catalog**: Allows User to access Catalog information on the selected Customer. |
| |
| Once all information is correct and complete click ''Save'' to create new user. Repeat instructions above to add more user-ID's or click the ''X'' at the top right corner to close the **User Administration** window. | For each Customer access, click ''Add'' to commit the data. Predicted access rights will then be displayed in the lower window. |
| |
| | Once all data has been entered, click ''Save'' to create User. |
| |
| [[:troubleshooting:add_user|Troubleshooting: Add user errors]] | [[:troubleshooting:add_user|Troubleshooting: Add user errors]] |
| |
| |
| <- master:set_password|Setting a password^ master:starting|Getting Started ^ master:customer|Creating a new customer-> | <- master:set_password|Setting a password^ master:starting|Getting Started ^ master:customer|Creating a new Customer-> |
| | |
| |
