Now that we have a running Opsview installation, it is time to look at user management.
Within Opsview, a user is referred to as a
contact while the group he or she belongs to is called a
role.
Permissions and views (what a contact can see in Opsview) are based on the role a contact belongs to. The Opsview help system is available within these screens, and so we'll only cover the most important parts just to get you going (I strongly advise you to play around with various settings to get a feel for the permissions).
Adding and assigning roles
Creating roles is done by going to
settings | Administration | Roles.
You can either add a new role by clicking on the green plus sign (located at the upper-left corner of the screen), or use the clone function to copy an existing set (removing a role can be achieved by clicking on the trash bin icon). The following screenshot shows the three icons add, delete, and clone:
Note
Clone and delete are available in all configuration pages, allowing you to quickly add or remove items.
During the installation a number of predefined roles were created; the names reflect the type of access they provide.
Select any of the predefined roles to bring up the edit screen. Each role has been split into a number of subsections, each responsible for specific parts of the system, as shown in the following screenshot:
Of these, Status Access, Status Objects, and Configuration are the three most important roles, as they define which parts of Opsview the contact can view (Status Access), which objects the contact can see (Status Objects), and which parts the contact can configure (Configuration).
Depending on your organizational needs, we can use these permissions to create various types of roles.
Just to illustrate how powerful this is, imagine we have a single system running an OS, a web server, and a database. Each is maintained by different groups (system admins, web admins, and database admins). Using the correct Status Objects and Status Access settings, we can make sure each group only sees the information relevant to its role (so database admins only see information related to the databases, web admins only see information related to the web server, and so on).
When we apply this to the Configuration settings, we can even allow our database admins to make changes within this host, while the web admins might not perform such actions.
As each organization is unique in its needs, try to create a role setup that reflects these needs.
Once we have finished creating the various roles we need, it's time to add some contacts to our system by navigating to settings | Basic | Contacts, to go to the contacts list.
Creating contacts is a fairly straightforward task, simply click on the add or clone button and enter the requested information as shown in the following screenshot (Name, Username, and so on), and select the role the user belongs to.
Click on Next to create the contact and go to the
Notifications screen from where we can finalize the contact; if you are planning on using e-mails to alert contacts, you can add the e-mail address as well.
LDAP and Active Directory integration
Instead of creating contacts manually, it is possible to integrate Opsview with your Active Directory (AD) or your
Lightweight Directory Access Protocol (LDAP) server. This allows you to either authenticate against LDAP (you will need to create the contacts), or automatically create, delete, and update contacts within Opsview based on your LDAP.
You can get more information on LDAP integration at http://docs.opsview.com/doku.php?id=opsview-core:ldap.
Any configuration changes made will not go into effect until Opsview has performed a reload. You can see the changes that have not yet taken place in the settings menu as shown in the following screenshot:
Click on settings | Configuration | Apply Changes and from the Status and Reload screen, click on Reload Configuration to apply any changes.