Desktop Online Users Tab(3.3)

Owned by Jenni Wallin
Last updated: Oct 06, 2023 by Chooi San Chong
5 min read

The default user, mzadmin, will always have full permissions for any activity.

It is recommended that the password for mzadmin is changed and kept in a safe place. Instead personal accounts should be created and used for handling the system in order to track changes.

Create new user, edit user, delete user and change password for a user can be performed in Access Controller desktop online UI. Performing said action will require a user with Write permission on Access Controller.

Users with the Execute permission can only view the Users.

Users Table

When users with Write permission for Access Controller are on the Access Controller dashboard, the logged in user will see a list of Users displayed in the Users Table.

Users from the SSO login will be displayed here as well, you can refer to Single Sign On(3.2) for more information about the SSO.

Users from an LDAP server will not be displayed in the Access Controller Users list, refer to LDAP Authentication(3.2) for more information.

Access Controller dashboard button configuration for users with Write permission

Access Controller dashboard button configuration for users with Execute permission

Adding a New User

To Add a User:

  1. Click on the New User button.
  2. Fill in the details according to the description below and click Save button. 

Info!

Save button will remain greyed out until a field is filled in.

Access Controller - Add new user screen

SettingDescription

Enable

Check to enable the user's predefined access rights. Leaving this unchecked will result in the user not being able to login.

Username

Enter the name of the user. Valid characters are: A-Z, a-z, 0-9, '-' and '_'.

Note!

A username must be unique. This also applies if you use an external authentication method, such as LDAP or SSO.

Full Name

Enter a descriptive name of the user.

Email

Enter the user's e-mail address. This address will be automatically applied to applications from which e-mails may be sent.

Validity PeriodCheck to enable the user's validity period for access to the system. Once the validity period for the user is over, the user will be disabled but not removed from the users list. This is so the user can be enabled again if needed.
FromFrom Date. User is allowed to login from this Date.
ToTo Date. User is allowed to login until this Date.
SuccessorA successor must be defined for when you want to remove the user that has ownership of configuration objects. The ownership of the configuration will be moved to whichever user is set as this user's successor.
Allow access through SCIMCheck to enable access through SCIM API.  Refer to SCIM(3.2) for more information.

Password

Enter a password for the user account.

Note!

The password is required when executing certain mzcli commands, so you should take into consideration the special characters used by bash and we do not recommend the use of these characters as part of your password. These characters are $, \, /, |, *, &, space and any other special characters used by bash. For a better understanding of the characters not recommended to be included in your password, refer to https://mywiki.wooledge.org/BashGuide/SpecialCharacters.

Verify Password

Re-enter the password.

Default Group

Set as default group for the user. By default, this group will have read, write and execute permissions for new configurations created by the user.

Member Groups

The user is registered as a member of the specific group.  An user is allowed to be a member for multiple access groups.

Edit User

To Edit a User:

  1. Click on the Edit button at the end of the row of the user you want to edit.
  2. Update the fields and click the Save button.

Info!

Consider the following when editing a user:

  • Save button will be enabled when users started to fill in the fields.
  • Non SSO users will be allowed to edit all fields except Username.
  • SSO users will only be allowed to edit Successor and Allow access through SCIM option.

Access Controller - Edit user screen - standard users

Access Controller - Edit user screen - SSO users

Delete User

To delete a User:

  1. Click on the Delete button at the end of the row of the user you want to remove.
  2. On the confirmation dialog, click Delete to continue deletion.

Info!

Consider the following when removing a user:

  • SSO users can be removed using the Access Controller.
  • The Delete button is disabled for the default user mzadmin and mzk8soperator.


Access Controller - Delete confirmation dialog


When deleting a user with a successor, all the configuration ownership for the user would be updated to the successor automatically.

When deleting a user without a successor, a dialog would pop up to confirm if you would like to transfer the ownership of the configuration to any other user with the proper access rights for the configuration.

On confirmation, you would be able to choose the successor from a new dialog window. Clicking Set and delete would remove the user and update the ownership to the successor.

Access Controller - Cannot delete user dialog

Access Controller - Set Successor dialog

Change Password

To change password for a user:

  1. Click on the meatball menu button at the end of the row of the user you want to have the password changed, and then click on the Change Password button.
  2. Enter new password and confirm password.
  3. Click the Change Password button.

Info!

The Change Password button is disabled for users configured using SSO.


Access Controller - Change Password screen

View User

The View button is displayed instead of the Edit button when the logged in user only has the Execute permission for Access Controller.  All fields in the View user screen will be disabled.

Access Controller - View user screen