Role-Based Access Control
Copyright © 2020 . All rights reserved.
To return to the main documentation page, Click Here.
Role-Based Access Control (RBAC) is a method for controlling system access based on roles assigned to users within an organization. Userful’s RBAC is defined around predefined roles and the privileges associated with those roles. Roles are a collection of permissions that you can assign to a user group; this allows the privileges associated with that role to be performed on an application within the Userful system: Control Center, Command and Control and User Management.
Using RBAC, you can manage who has access to specific Userful applications, and the actions a user can perform within those applications.
Before implementing RBAC you should evaluate the needs of the users in your organization and, based on the level of access they require to perform their duties, group users into roles that satisfy those requirements. It is a best practice to limit users to the minimum required role necessary for them to complete their assigned tasks.
How Userful’s RBAC Works
Predefined role assignments determine who can access specific Userful applications, and what actions an individual user can perform within that application. An administrator assigns predefined roles to users; each user can be assigned multiple roles. Certain privileged users (such as the Administrator) map specific applications and permissions to predefined roles and then assign those roles to users.
Note: User accounts created through RBAC apply to the Userful Control Center and Command & Control only and cannot be used to log into the underlying Linux operating system or Linux Desktop sources.
Users & User Groups
To get started with the Role Based Access Control, click on Users in the left side menu of the Userful Control Center. Initially the User Accounts table will be empty, while the list of groups will include three legacy group names: Admin, Operator and Restricted. These predefined roles belong to the operating system level and cannot be modified with granular permissions. It is recommended to start creating new groups from scratch.
To add a group:
- Click the "Add Group" button
- Enter "Group Name" & "Description"
- Enable the required permissions for the group under each system application and click "OK"
The screenshot shows an example of adding a new group with view/read-only access to the command and control application:
To add a user:
- Click the "Add User" button
- Enter "User Name" & "Description"
- Enter "Password" and "Repeat Password" in respective fields
- Assign user to predefined role(s) by enabling required group(s) and click "OK"
The screenshot shows an example of a new user being assigned to the "View C&C" group:
Once the changes have been saved, the overview page will show all users, the group(s) they belong to and the permissions that have been applied to any given group. The pen icon to the left of a user name or custom group enables administrators to make changes whenever necessary.
RBAC Permission Descriptions
The Control Center is a browser-based central management interface for administering the Userful software.
|Event Scheduler||Create, update and delete items in the event scheduler|
|Event-Scheduler view||View-only access to the event scheduler|
|Network-Display management||Admin access to the “Displays” menu|
|Network-Display view||View-only access to the “Displays” menu|
|Operation-Support||Admin access to the “Support” menu|
|Operation-Support view||View-only access to the “Support” menu|
|Station-Mapping administration||Admin access to the “Mapping” menu|
|Station-Mapping view||View-only access to the “Mapping” menu|
|System settings||Admin access to the “Settings” menu|
|System settings view||View-only access to the “Settings” menu|
Command & Control
The Command And Control Module provides you with a drag and drop GUI to resize and arrange sources in real time within the video wall canvas.
|Audio||Access to audio setting of sources|
|Layout management||Create, update and delete layouts|
|Layout switching||Ability to switch between existing layouts|
|Source activation||Creation of instances from sources in the popup list|
|Source interactive viewer||Ability to interact with sources (where supported)|
|Source management||Create, update and delete sources from the list|
|Source-instance arrangement||Minimize, maximize sources and moving within the canvas|
|View access||View-only access to the C&C module|
The User Management module allows you control system access based on roles assigned to users within an organization.
|Groups Administration||Create, update and delete groups|
|Users Administration||Create, update and delete user accounts|
|Users & Groups view||View-only access to the groups and users page|