Initially, logging in to the control panel via the console is available for the administrator only. The administrator can manage all parameters himself or add other users and give them appropriate permissions to perform these operations.
A user has the following fields:
Also, a user can be a member of one or more groups and has access permissions to perform several operation. A user can own applications created in the system. Also, a user has the "active" flag. With this flag, ability of that user to connect to the console can be put on hold if necessary.
Managing users is done using the commands
SeeĀ Complete list of commands.
The command is used to show existing users. Parameters:
[-d | --detail] enable detailed output
[-a | --active] show only active users
Example:
show users -d -a |
The command is used to add a user to the system. Parameters:
<username> the new name of the user, required
<password> the password of the user, required
<groups> a group or several groups the user should be a member of, required
Example:
add user alice passw0rd_for_alice ADMIN add user bob bobs_password DEVELOPER,STAFF |
The command is used to modify user data. Parameters:
[-a | --active] user status, true or false
[-m | --merge] do not remove the user from the groups already assigned to him or her, available only if the <groups> parameter is set
<username> user name, required
<groups> a group or several groups the user must be a member of
Example:
update user alice STAFF update user -m bob ADMIN,DEVELOPER update user -a false alice |
Used to change the password. A member of the supergroup can change password of any users. All other users can only change their own password. Parameters:
<username> the user name you want to change the password, optional parameter
Example:
passwd passwd alice |
Used to remove a user from the system. A user cannot be removed if he owns an application. Parameter:
<username> the name of the user to remove, required
Example:
remove user bob |
Groups can be added and removed. You can use the following commands for that:
The command is used to display the list of group, there are no parameters.
Example:
show groups |
Used to add a group to the system. Parameters:
<group> the name of a new group, required
Example:
add group DEVELOPERS |
Used to remove a group. The ADMIN group cannot be deleted from the system. If a group is the only group some user is assigned to, such a group cannot be removed. Parameters:
<group> the name of the removed group, required
Example:
remove group DEVELOPERS |
Every action you can perform in CLI is an operation.
You can see the complete list of operations with this command:
show operations |
By default, permissions to perform all operations have users in the ADMIN group.
To add permissions for individual operations to other users and groups, use the following commands:
The command is used to show existing permissions. No parameters are needed.
Example:
show permissions |
The command is used to add permissions to perform certain operations. Parameters:
<operation> the name of the operation (as shown by the show operations command), required
[-g | --groups] a group or several groups separated by commas, required unless -u is specified
[-u | --users] a user or several users separated by commas, required unless -g is specified
Example:
add permission -u bob,alice -g DEVELOPERS 'add app' add permission -g STAFF 'add user' |
Used to modify existing permissions in the system. If -d or -a parameters are not specified, groups and users will be overwritten. Parameters:
<operation> the name of the operation (as shown by the show operations command), required
[-g | --groups] a group or several groups separated by commas, required unless -u is specified
[-u | --users] a user or several users separated by commas, required unless -g is specified
[-d | --delete] delete the specified groups and users
[-a | --add] add the specified groups and users
Example:
update permission -a -u alice "add user" update permission -a -u bob -g DEVELOPERS,STAFF "add user" update permission -d -g DEVELOPERS "add user" |
Used to remove permissions from the system. Parameters:
<operation> the name of the operation (as shown by the show operations command), required
Example:
remove permission "add user" remove permission "add app" |
New user can add users to system.
1.Adding the STAFF group
add group STAFF show groups |
2. Adding the user, bob
add user bob bobsPassword STAFF show users |
3. Adding permissions to ass users to the system
add permission -g STAFF "show users" add permission -g STAFF "add user" add permission -g STAFF "update user" add permission -g STAFF "remove user" |
1.Adding the user, jon
add user jon jonsPassword STAFF show users |
Since the new user is added to the STAFF group, it automatically inherits permissions of that group and hence can add new users
Users' data remain intact ffter deactivation, but the user cannot log in to the system
1.deactivation
update user -a false jon show users -d |
New user can view other users information
1.Adding the ACCOUNTANT group
add group ACCOUNTANT show groups |
2. Adding the user, alice
add user alice alicesPassword ACCOUNTANT show users |
3. Permit alice to view users
update permission -a -u alice "show users" show permissions |
Users in STAFF and ACCOUNTANT groups can change their passwords
1.Create a corresponding permission
add permission -g STAFF,ACCOUNTANT passwd |