Users Tab

The default user, mzadmin, will always have full permissions for any activity.

It is recommended that the password for mzadmin is changed and kept in a safe place. Instead personal accounts should be created and used for handling the system in order to track changes.

Create new user, edit user, delete user and change password for a user can be performed in Access Controller desktop online UI. Performing said action will require a user with Write permission on Access Controller.

Users with the Execute permission can only view the Users.

Users Table

When users with Write permission for Access Controller are on the Access Controller dashboard, the logged in user will see a list of Users displayed in the Users Table.

Users from the SSO login will be displayed here as well, you can refer to Single Sign On (OIDC) for more information about the SSO.

Users from an LDAP server will not be displayed in the Access Controller Users list, refer to LDAP Authentication for more information.

Access Controller dashboard button configuration for users with Write permission
Access Controller dashboard button configuration for users with Execute permission

Adding a New User

To Add a User:

  1. Click on the New User button.

  2. Fill in the details according to the description below and click Save button. 

Info!

Save button will remain greyed out until a field is filled in.

 

Setting

Description

Enable

Check to enable the user's predefined access rights. Leaving this unchecked will result in the user not being able to login.

Username

Enter the name of the user. Valid characters are: A-Z, a-z, 0-9, '-' and '_'.

Note!

A username must be unique. This also applies if you use an external authentication method, such as LDAP or SSO.



Full Name

Enter a descriptive name of the user.

Email

Enter the user's e-mail address. This address will be automatically applied to applications from which e-mails may be sent.

Validity Period

Check to enable the user's validity period for access to the system. Once the validity period for the user is over, the user will be disabled but not removed from the users list. This is so the user can be enabled again if needed.

From

From Date. User is allowed to login from this Date.

To

To Date. User is allowed to login until this Date.

Successor

A successor must be defined for when you want to remove the user that has ownership of configuration objects. The ownership of the configuration will be moved to whichever user is set as this user's successor.

Allow access through SCIM

Check to enable access through SCIM API.  Refer to SCIM for more information.

Password

Enter a password for the user account.

Note!

The password is required when executing certain mzsh commands, so you should take into consideration the special characters used by bash and we do not recommend the use of these characters as part of your password. These characters are $, \, /, |, *, &, space and any other special characters used by bash. For a better understanding of the characters not recommended to be included in your password, refer to https://mywiki.wooledge.org/BashGuide/SpecialCharacters.



Verify Password

Re-enter the password.

Default Group

Set as default group for the user. By default, this group will have read, write and execute permissions for new configurations created by the user.

Member Groups

The user is registered as a member of the specific group.  An user is allowed to be a member for multiple access groups.

Edit User

To Edit a User:

  1. Click on the Edit button at the end of the row of the user you want to edit.

  2. Update the fields and click the Save button.

 

Delete User

To delete a User:

  1. Click on the Delete button at the end of the row of the user you want to remove.

  2. On the confirmation dialog, click Delete to continue deletion.

 



When deleting a user with a successor, all the configuration ownership for the user would be updated to the successor automatically.

When deleting a user without a successor, a dialog would pop up to confirm if you would like to transfer the ownership of the configuration to any other user with the proper access rights for the configuration.

On confirmation, you would be able to choose the successor from a new dialog window. Clicking Set and delete would remove the user and update the ownership to the successor.

Change Password

To change password for a user:

  1. Click on the meatball menu button at the end of the row of the user you want to have the password changed, and then click on the Change Password button.

  2. Enter new password and confirm password.

  3. Click the Change Password button.

View User

The View button is displayed instead of the Edit button when the logged in user only has the Execute permission for Access Controller.  All fields in the View user screen will be disabled.