Users and Groups are managed from the Admin area of ProVision, under the Users tab. The Users tab contains three sub-tabs: Users, Groups, and Chart View.
To open the Groups list, click on the Groups sub-tab button under the Users tab.
Groups List Overview
When viewing the Groups List, the following is shown:
Selection checkbox: The checkboxes on the the left side of the user may be used to multi-select groups to delete
Name: The group name. Click on the name to view group details.
Enabled: Whether a group is enabled
Users: The number of users associated with the group
Processing: While group edits are being processed, an indicator will show under the processing column until changes have been propagated throughout the instance
Gear Icon (Action Menu): Right Click on the gear icon (or anywhere on the user row) to open the action menu for the group
Items per page
Select the "items per page" filter to limit the number of groups displayed at one time. Any additional users will be displayed on following pages.
Filter the list for a specific group name by typing all or part of the name in the search box.
Sort columns into ascending/descending order by clicking on the column header for any column with an up/down arrow (⇅)
Groups Permissions Overview
ProVision administrators can also create permission groups to assign users under. This allows more control over user roles.
A Group has four elements associated with it:
Users: The Users that are assigned to the group, and will be limited by the selected permissions.
Resources: Resources access may be set to Global TLR (applies to all resources), or to the level of individually selected resources.
Functional Area: The ProVision functional area (IPAM, Resources, Peering, etc) for the selected resource(s) that permissions are set under.
Permission Level: Create, Read, Update, and Delete (C/R/U/D) permissions may be set under each functional area for each resource selected.
In the example above, the group “MyGroup” allows the users Bob Smith and Jane Doe to only read IPAM and DNS data for the Resource “Awesome Co”.
Through the use of these four elements, Groups can create permissions structures that are as flexible as you need.
Two default groups are available initially in ProVision:
- Global Admin (may not be edited or deleted)
- Global Read-Only (may not be edited or deleted)
These Global groups allow for access to the entire ProVision platform. You may add additional Global groups by creating a new group using the TLR (Top Level Resource). You may also add detailed resource level group permissions by selected individual resources.
For more detail on top-level and resource permissions, see Global Permissions and Resource Permissions.
Overlapping group and user permissions
Permissions are inherited based on the hierarchy of the objects, unless you specify a different permission!
Working with Groups
Create a Group
New groups can be created by ProVision administrators by clicking the green "Create Group" button at the upper right of the Groups page.
Add in the name of the new group.
Set the permissions for that group by selecting the resource(s) from the Resource lookup dropdown menu, clicking the "Add resource" button, and checking the functional areas that you want accessible.
By clicking the checkbox in the upper corner of a permissions box you can select all the checkboxes in that section.
To delete a Resource from the permissions list, simply click the "x" icon in the upper right corner. Click "Save" when done.
In the example below, we make a group called "Some Lab Group", whose users we want to be able to access two resources: 6connect Labz and 7connect Labs.
These users will be working extensively in IPAM and Resources, so we give them full access to those areas of ProVision. However, we also want them to view other information, but not edit it. We then check the "R" column under Peer and User.
Click "Save" when complete. After adding the group, you can add users to the group by selecting the group when editing a user account or from the "Manage Users" section when editing a group.
Edit a Group
To edit a group's information click on the Action Menu (gear icon) for the group and select "Group Details" or click on the group name.
This will bring up the Edit Group screen. From here you can edit the group name or comment, add or remove users from a group, or change resource permissions for the group.
Remember to hit "Save" when done.
Manage Group Users
To add or remove users from the Group Details page, click the "Manage Users" button in the Group Users section.
Select a user from the dropdown and click "Add user to group".
The selected user will then appear on the list of users below. You may remove a user by clicking the delete icon.
Users added to a group are listed in the Group Users section. Click the arrow next to a user name to go to the User Details screen.
Delete a Group
To remove a group from the Groups list, click on the Action Menu (gear icon) for the user and select the "Delete group" option.
You may also delete a group from the Group Details page by clicking the "Delete group" button at the bottom left of the page.
You may also select more than one group to delete.
To do so, select the checkboxes for the desired groups, then under the "Actions" menu at the top of the list, select "Delete selected groups".
Note: Users cannot edit or delete permissions for the Group to which they currently belong, unless they are also a member of the default Global Admin Group.
For more information on Users and Groups, see the following areas: