Users Tab (4.3)
The default user, mzadmin, will always have full permissions for any activity.
It is recommended that the password for mzadmin is changed and kept in a safe place. Personal accounts should be created and used for handling the system in order to track changes instead.
In Access Controller you can create, edit, and delete users, as well as change passwords, but you need Write permissions for Access Controller.
Users with the Execute permission can only view the users.
Users Table
When you have Write permission for Access Controller you will see list of Users displayed in the Users Table in the Access Controller screen.
Users from the SSO login will be displayed here as well, see Single Sign On(4.3)Â for more information about the SSO.
Users from an LDAP server will not be displayed in the Access Controller Users list, see LDAP Authentication(4.3).
Adding a New User
To add a new user:
Click on the New User button.
Fill in the details according to the description below and click Save.Â
Info!
The Save button will remain greyed out until a field is filled in.
Setting | Description |
Enable | Select this checkbox to enable the user's predefined access rights. Leaving this checkbox unselected will result in the user not being able to login. |
Username | Enter the name of the user. Valid characters are: A-Z, a-z, 0-9, '-' and '_'. Note!A username must be unique. This also applies if you use an external authentication method, such as LDAP or SSO. |
Full Name | Enter a descriptive name of the user. |
Enter the user's e-mail address. This address will be automatically applied to applications from which e-mails may be sent. | |
Validity Period | Select this checkbox to enable the user's validity period for access to the system. Once the validity period for the user is over, the user will be disabled but not removed from the users list, which allows you to enable the user again if needed. |
From | From Date. User is allowed to login from this Date. |
To | To Date. User is allowed to login until this Date. |
Successor | A successor must be defined for when you want to remove a user that owns configuration objects. The ownership of the configuration will be moved to whichever user is set as this user's successor. |
Allow access through SCIM | Select this check box to enable access through SCIM API, see SCIM(4.3). |
Password | Enter a password for the user account. Note!The password is required when executing certain mzcli commands, so you should take into consideration the special characters used by bash and we do not recommend the use of these characters as part of your password. These characters are $, \, /, |, *, &, space and any other special characters used by bash. For a better understanding of the characters not recommended to be included in your password, see https://mywiki.wooledge.org/BashGuide/SpecialCharacters. |
Verify Password | Re-enter the password. |
Default Group | Select the default group for the user. By default, this group will have read, write and execute permissions for new configurations created by the user. |
Member Groups | The user is registered as a member of the specific group. A user is allowed to be a member for multiple access groups. |
Edit User
To edit a user:
Click on the Edit button to the right in the row of the user you want to edit.
Update the fields and click the Save button.
Access Controller - Edit user screen - standard users
Access Controller - Edit user screen - SSO users
Delete User
To delete a User:
Click on the Delete button at the end of the row of the user you want to remove.
On the confirmation dialog, click Delete to continue deletion.
When deleting a user with a successor, all the configuration ownership for the user would be updated to the successor automatically.
When deleting a user without a successor, a dialog would pop up to confirm if you would like to transfer the ownership of the configuration to any other user with the proper access rights for the configuration.
On confirmation, you would be able to choose the successor from a new dialog window. Clicking Set and delete would remove the user and update the ownership to the successor.
Change Password
To change password for a user:
Click on the meatball menu button at the end of the row of the user you want to have the password changed, and then click on the Change Password button.
Enter new password and confirm password.
Click the Change Password button.
View User
The View button is displayed instead of the Edit button when the logged in user only has the Execute permission for Access Controller. All fields in the View user screen will be disabled.
Â