Server
Click on the icon Server configuration in the top to open the Host parameters tab in the mein window. It displays the server defaults of the host parameters.
Server Host Parameters
Displaying and editing host parameters for the server works the same as for clients (Host Parameters: Client and Server Configuration). Click in the Property value column and make your adjustments in the dialog box that opens.
Managing User Rights and Roles
If the opsi extension User Roles is active, you can edit it in the server’s host parameters with opsi-configed
.
This is a paid extension. This means that you need an activation file to unlock it. You will receive this file after you have purchased the extension. For evaluation purposes, we’re happy to provide you with a temporary license free of charge. Please contact us via email. |
In the tree view, you might see the entry user, but this does not mean the function is active. The default value for user.{}.register
is false
. Set this to true
and deploy the modules file to activate the feature (temporarily or permanently). Afterwards, an entry for the logged-in user is created in the tree structure. The default settings used for rights management correspond to the "classic" specifications for an administrator. There are no restrictions for this role. For example, if the account is named admindepot1
, it would appear like this:
user.{admindepot1}.privilege.host.all.registered_readonly [false]
user.{admindepot1}.privilege.host.depotaccess.configured [false]
user.{admindepot1}.privilege.host.depotaccess.depots []
user.{admindepot1}.privilege.host.opsiserver.write [true]
These four entries mean:
-
The user does not have read-only access; read-only access might be suitable for a helpdesk employee.
-
There are no restrictions regarding the depot (or these are not considered).
-
Consequently, the list of depots accessible to the user can remain empty. Even if something were entered here, it would have no effect as long as
depotaccess.configured
is set tofalse
. -
The user is allowed to edit settings of all kinds.
If you want the user admindepot1
to only have access to the computers of the depot server named depot1
, you can configure it like this:
-
Set
user.{admindepot1}.privilege.host.depotaccess.configured
totrue
. -
In the list for the value
user.{admindepot1}.privilege.host.depotaccess.depots
, enterdepot1
.
After reloading all data, admindepot1
will no longer see clients from other depots. Additionally, they can only change settings for depot1
.
Users can lift all restrictions themselves as long as the setting host.opsiserver.write is set to true . Change the value to false to completely secure the settings.
|
The privileges set up in this way apply exclusively to the functionality of opsi-configed . They currently have no impact on the JSON-RPC interface of the opsi server.
|
The remaining entries that appear in the tree view pertain to the configuration of the server console (see chapter Server Console).