Initially, logging in to the control panel via the console is available for the administrator only. The administrator can manage all parameters himself or add other users and give them appropriate permissions to perform these operations.
Users and groups
Users
A user has the following fields:
- username
- password
Also, a user can be a member of one or more groups and has access permissions to perform several operation. A user can own applications created in the system. Also, a user has the "active" flag. With this flag, ability of that user to connect to the console can be put on hold if necessary.
Managing users is done using the commands
- show users
- add user
- remove user
- update user
- passwd
See Complete list of commands.
show users
The command is used to show existing users. Parameters:
[-d | --detail] enable detailed output
[-a | --active] show only active users
Example:
show users -d -a
add user
The command is used to add a user to the system. Parameters:
<username> the new name of the user, required
<password> the password of the user, required
<groups> a group or several groups the user should be a member of, required
Example:
add user alice passw0rd_for_alice ADMIN add user bob bobs_password DEVELOPER,STAFF
update user
The command is used to modify user data. Parameters:
[-a | --active] user status, true or false
[-m | --merge] do not remove the user from the groups already assigned to him or her, available only if the <groups> parameter is set
<username> user name, required
<groups> a group or several groups the user must be a member of
Example:
update user alice STAFF update user -m bob ADMIN,DEVELOPER update user -a false alice
passwd
Used to change the password. A member of the supergroup can change password of any users. All other users can only change their own password. Parameters:
<username> the user name you want to change the password, optional parameter
Example:
passwd passwd alice
remove user
Used to remove a user from the system. A user cannot be removed if he owns an application. Parameter:
<username> the name of the user to remove, required
Example:
remove user bob
Groups
Groups can be added and removed. You can use the following commands for that:
- show groups
- add group
- remove group
show groups
The command is used to display the list of group, there are no parameters.
Example:
show groups
add group
Used to add a group to the system. Parameters:
<group> the name of a new group, required
Example:
add group DEVELOPERS
remove group
Used to remove a group. The ADMIN group cannot be deleted from the system. If a group is the only group some user is assigned to, such a group cannot be removed. Parameters:
<group> the name of the removed group, required
Example:
remove group DEVELOPERS
Operation permissions
Every action you can perform in CLI is an operation.
You can see the complete list of operations with this command:
show operations
By default, permissions to perform all operations have users in the ADMIN group.
To add permissions for individual operations to other users and groups, use the following commands:
- show permissions
- add permission
- remove permission
- update permission
show permissions
The command is used to show existing permissions. No parameters are needed.
Example:
show permissions
add permission
The command is used to add permissions to perform certain operations. Parameters:
<operation> the name of the operation (as shown by the show operations command), required
[-g | --groups] a group or several groups separated by commas, required unless -u is specified
[-u | --users] a user or several users separated by commas, required unless -g is specified
Example:
add permission -u bob,alice -g DEVELOPERS 'add app' add permission -g STAFF 'add user'
update permission
Used to modify existing permissions in the system. If -d or -a parameters are not specified, groups and users will be overwritten. Parameters:
<operation> the name of the operation (as shown by the show operations command), required
[-g | --groups] a group or several groups separated by commas, required unless -u is specified
[-u | --users] a user or several users separated by commas, required unless -g is specified
[-d | --delete] delete the specified groups and users
[-a | --add] add the specified groups and users
Example:
update permission -a -u alice "add user" update permission -a -u bob -g DEVELOPERS,STAFF "add user" update permission -d -g DEVELOPERS "add user"
remove permission
Used to remove permissions from the system. Parameters:
<operation> the name of the operation (as shown by the show operations command), required
Example:
remove permission "add user" remove permission "add app"
Examples
Add a new group and a new user
New user can add users to system.
1.Adding the STAFF group
add group STAFF show groups
2. Adding the user, bob
add user bob bobsPassword STAFF show users
3. Adding permissions to ass users to the system
add permission -g STAFF "show users" add permission -g STAFF "add user" add permission -g STAFF "update user" add permission -g STAFF "remove user"
Add a new user identical to existing user
1.Adding the user, jon
add user jon jonsPassword STAFF show users
Since the new user is added to the STAFF group, it automatically inherits permissions of that group and hence can add new users
Deactivate user
Users' data remain intact ffter deactivation, but the user cannot log in to the system
1.deactivation
update user -a false jon show users -d
Add a user with privileges
New user can view other users information
1.Adding the ACCOUNTANT group
add group ACCOUNTANT show groups
2. Adding the user, alice
add user alice alicesPassword ACCOUNTANT show users
3. Permit alice to view users
update permission -a -u alice "show users" show permissions
Permit users to change their passwords
Users in STAFF and ACCOUNTANT groups can change their passwords
1.Create a corresponding permission
add permission -g STAFF,ACCOUNTANT passwd