The default user, mzadmin, will always have full permissions for any activity.
It is recommended that the password for mzadmin is changed and kept in a safe place. Instead personal accounts should be created and used for handling the system in order to track changes.
Create new user, edit user, delete user and change password for a user can be performed in Access Controller desktop online UI. Performing said action will require a user with Write permission on Access Controller.
Users with the Execute permission can only view the Users.
Users Table
When users with Write permission for Access Controller are on the Access Controller dashboard, the logged in user will see a list of Users displayed in the Users Table.
Users from the SSO login will be displayed here as well, you can refer to Single Sign On (OIDC) for more information about the SSO.
Users from an LDAP server will not be displayed in the Access Controller Users list, refer to LDAP Authentication for more information.
Access Controller dashboard button configuration for users with Write permission
Access Controller dashboard button configuration for users with Execute permission
Adding a New User
To Add a User:
- Click on the New User button.
- Fill in the details according to the description below and click Save button.
Info!
Access Controller - Add new user screen
Setting | Description |
Check to enable the user's predefined access rights. Leaving this unchecked will result in the user not being able to login. | |
Username | Enter the name of the user. Valid characters are: A-Z, a-z, 0-9, '-' and '_'. Note! A username must be unique. This also applies if you use an external authentication method, such as LDAP or SSO. |
Full Name | Enter a descriptive name of the user. |
Enter the user's e-mail address. This address will be automatically applied to applications from which e-mails may be sent. | |
Validity Period | Check to enable the user's validity period for access to the system. Once the validity period for the user is over, the user will be disabled but not removed from the users list. This is so the user can be enabled again if needed. |
From | From Date. User is allowed to login from this Date. |
To | To Date. User is allowed to login until this Date. |
Successor | A successor must be defined for when you want to remove the user that has ownership of configuration objects. The ownership of the configuration will be moved to whichever user is set as this user's successor. |
Allow access through SCIM | Check to enable access through SCIM API. Refer to SCIM for more information. |
Enter a password for the user account. Note! The password is required when executing certain mzcli commands, so you should take into consideration the special characters used by bash and we do not recommend the use of these characters as part of your password. These characters are $, \, /, |, *, &, space and any other special characters used by bash. For a better understanding of the characters not recommended to be included in your password, refer to https://mywiki.wooledge.org/BashGuide/SpecialCharacters. | |
Re-enter the password. | |
Default Group | Set as default group for the user. By default, this group will have read, write and execute permissions for new configurations created by the user. |
Member Groups | The user is registered as a member of the specific group. An user is allowed to be a member for multiple access groups. |
Edit User
To Edit a User:
- Click on the Edit button at the end of the row of the user you want to edit.
- Update the fields and click the Save button.
Info!
Consider the following when editing a user:
- Save button will be enabled when users started to fill in the fields.
- Non SSO users will be allowed to edit all fields except Username.
- SSO users will only be allowed to edit Successor and Allow access through SCIM option.
Access Controller - Edit user screen - standard users
Access Controller - Edit user screen - SSO users
Delete User
To delete a User:
- Click on the Delete button at the end of the row of the user you want to remove.
- On the confirmation dialog, click Delete to continue deletion.
Info!
Consider the following when removing a user:
- SSO users can be removed using the Access Controller.
- The Delete button is disabled for the default user mzadmin and mzk8soperator.
Access Controller - Delete confirmation dialog
When deleting a user with a successor, all the configuration ownership for the user would be updated to the successor automatically.
When deleting a user without a successor, a dialog would pop up to confirm if you would like to transfer the ownership of the configuration to any other user with the proper access rights for the configuration.
On confirmation, you would be able to choose the successor from a new dialog window. Clicking Set and delete would remove the user and update the ownership to the successor.
Access Controller - Cannot delete user dialog
Access Controller - Set Successor dialog
Change Password
To change password for a user:
- Click on the meatball menu button at the end of the row of the user you want to have the password changed, and then click on the Change Password button.
- Enter new password and confirm password.
- Click the Change Password button.
Info!
The Change Password button is disabled for users configured using SSO.
Access Controller - Change Password screen
View User
The View button is displayed instead of the Edit button when the logged in user only has the Execute permission for Access Controller. All fields in the View user screen will be disabled.
Access Controller - View user screen