Role-Based Access Control

From Userful Support



Copyright © 2020 Userful Corporation. All rights reserved.
(Updated 2020.10.14)





Introduction

Role-Based Access Control (RBAC) is a method for controlling system access based on roles assigned to users within an organization. Userful’s RBAC is built around predefined roles and the privileges associated with them. A role is a collection of permissions that you assign to a user group; members of that group can then perform the associated actions in the applications of the Userful system: Control Center, Command & Control and User Management.

Using RBAC, you can manage who has access to specific Userful applications, and the actions a user can perform within those applications.

Before implementing RBAC, evaluate the needs of the users in your organization and, based on the level of access they require to perform their duties, group users into roles that satisfy those requirements. It is a best practice to limit each user to the minimum role necessary to complete their assigned tasks.

How Userful’s RBAC Works

Predefined role assignments determine who can access specific Userful applications, and what actions an individual user can perform within that application. An administrator assigns predefined roles to users; each user can be assigned multiple roles. Certain privileged users (such as the Administrator) map specific applications and permissions to predefined roles and then assign those roles to users.

Note: User accounts created through RBAC apply to the Userful Control Center and Command & Control only and cannot be used to log into the underlying Linux operating system or Linux Desktop sources.

Users & User Groups

To get started with Role-Based Access Control, click on Users in the left side menu of the Userful Control Center. Initially the User Accounts table will be empty, while the list of groups will include three legacy group names: Admin, Operator and Restricted. These predefined roles belong to the operating system level and cannot be modified with granular permissions. It is recommended to start creating new groups from scratch.

While using new groups is recommended, here is a breakdown of the existing groups:

  • ADMIN - Full control, same access as the first user or system administrator
  • STAFF - Intended for Public Computing deployment. Users can affect individual station logins and view interactive sessions (Cloud Desktop, Web Browser), but cannot edit sources, create video walls, or use Command & Control
  • OPERATOR - For use with Command & Control exclusively. Users with this group can start, close, and move sources, and also recall pre-defined Layouts, but cannot edit sources or Layouts.


Add Group

[Screenshot: Group page.png]

To add a group:

  • Click the "Add Group" button
  • Enter "Group Name" & "Description"
  • Enable the required permissions for the group under each system application and click "OK"

The screenshot shows an example of adding a new group with view/read-only access to the Command & Control application.

Add User

[Screenshot: Create user.png]

To add a user:

  • Click the "Add User" button
  • Enter "User Name" & "Description"
  • Enter "Password" and "Repeat Password" in respective fields
  • Assign user to predefined role(s) by enabling required group(s) and click "OK"

The screenshot shows an example of a new user being assigned to the "View C&C" group.

Overview

Once the changes have been saved, the overview page will show all users, the group(s) they belong to and the permissions that have been applied to any given group. The pen icon to the left of a user name or custom group enables administrators to make changes whenever necessary.

RBAC Permission Descriptions

Control Center

The Control Center is a browser-based central management interface for administering the Userful software.

| Permission | Description |
|---|---|
| Event Scheduler | Create, update and delete items in the event scheduler |
| Event-Scheduler view | View-only access to the event scheduler |
| Network-Display management | Admin access to the “Displays” menu |
| Network-Display view | View-only access to the “Displays” menu |
| Operation-Support | Admin access to the “Support” menu |
| Operation-Support view | View-only access to the “Support” menu |
| Station-Mapping administration | Admin access to the “Mapping” menu |
| Station-Mapping view | View-only access to the “Mapping” menu |
| System settings | Admin access to the “Settings” menu |
| System settings view | View-only access to the “Settings” menu |

Command & Control

The Command & Control module provides a drag-and-drop GUI for resizing and arranging sources in real time within the video wall canvas.

| Permission | Description |
|---|---|
| Audio | Access to the audio settings of sources |
| Layout management | Create, update and delete layouts |
| Layout switching | Ability to switch between existing layouts |
| Source activation | Creation of instances from sources in the popup list |
| Source interactive viewer | Ability to interact with sources (where supported) |
| Source management | Create, update and delete sources from the list |
| Source-instance arrangement | Minimize, maximize and move sources within the canvas |
| View access | View-only access to the C&C module |

User Management

The User Management module allows you to control system access based on roles assigned to users within an organization.

| Permission | Description |
|---|---|
| Groups Administration | Create, update and delete groups |
| Users Administration | Create, update and delete user accounts |
| Users & Groups view | View-only access to the groups and users page |
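
A least-privilege review over the permission names listed above, as an added example (not Userful code and not a Userful API). It assumes a user's effective permissions are the union of the permissions of all groups the user belongs to; the group names other than "View C&C", the users and the per-user needs are constructed sample data.

```python
# Added example: permission names come from the tables on this page; groups,
# users and NEEDS are constructed. Assumption: groups combine as a union.

# Admin-level Control Center permission -> its view-only counterpart.
VIEW_ONLY = {
    "Event Scheduler": "Event-Scheduler view",
    "Network-Display management": "Network-Display view",
    "Operation-Support": "Operation-Support view",
    "Station-Mapping administration": "Station-Mapping view",
    "System settings": "System settings view",
}
# Holders of these permissions can change who has access to what.
ACCESS_ADMIN = {"Groups Administration", "Users Administration"}

GROUPS = {
    "View C&C": {"View access"},
    "Wall Operators": {"View access", "Layout switching", "Source activation",
                       "Source-instance arrangement"},
    "Site Admins": {"System settings", "Network-Display management",
                    "Users Administration"},
}
USERS = {"alice": ["View C&C"], "bob": ["Wall Operators", "Site Admins"]}
# What each user's duties actually require (the review baseline).
NEEDS = {"alice": {"View access"},
         "bob": GROUPS["Wall Operators"] | {"System settings view"}}

def effective_permissions(user, users=USERS, groups=GROUPS):
    """Union of the permissions of every group the user is assigned to."""
    perms = set()
    for group in users[user]:
        perms |= groups.get(group, set())  # an unknown group grants nothing
    return perms

def review(users=USERS, groups=GROUPS, needs=NEEDS):
    """Return {user: findings} for users holding more than their duties need."""
    report = {}
    for user in users:
        need = needs.get(user, set())  # no stated need: everything is excess
        excess = effective_permissions(user, users, groups) - need
        if excess:
            report[user] = {
                "excess": sorted(excess),
                # admin right held where only the view-only right is needed
                "downgrade": sorted(p for p in excess if VIEW_ONLY.get(p) in need),
                "access_admin": sorted(excess & ACCESS_ADMIN),
            }
    return report

if __name__ == "__main__":
    print(review())
```

Users listed under `access_admin` deserve the closest look, since Groups Administration and Users Administration let the holder change other assignments.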