User Management

Each user can have multiple roles and each role can have multiple permissions, and each permission defines read/write privilege to certain system resources. If a user attempts to access a UI resource without valid permission, “403 Forbidden” error will be returned.

Role Management #

Lucidum UI provides a set of pre-defined roles as listed below:

 

Pre-defined Roles Description
Admin Administrator
IT_Operation Same as Admin except for changing admin password and managing license
Lucidum_Support Lucidum support used for customized query update only. Please don’t assign this role to the normal users
Api_Users Programmatic access to Lucidum API (cannot access UI)

Users can also create a new role under “Role Management” and assign certain permissions to this role.

 

 

To add permissions to one certain role, users can select the available permissions from the box on the left and click the “>” arrow to add the selected permissions. Similarly, to remove permissions from one certain role, users can select the permissions to remove from the box on the right and click the “<” arrow to remove the selected permissions. The table below describes the details for the available permissions.

 

Permissions Description
Front_*** Access to the UI sub-menu, e.g., user with the Front_DataQC permission can click on sub-menu on the left side
Read Chart Read access to the Home page
Read Action Read access to the Action page
Write Actions Read/Write access to the Action page (user can add or change action)
Query Builder Access to the Explore page (user can manage saved queries)
Search Access to the Explore page (user can submit and run queries)
Read License Read access to the License page
Modify License Write access to the License page (user can upload and modify license)
UserManage Read/Write access to the User Management page (users can only change their own user settings)
RoleManage Read/Write access to the Role Management page
Read System Usage Access to the resource usage monitoring under the System Stats page
Read System Log Access to the system event logs under the System Stats page
Read System Setting Read access to the System Setting page
Write System Setting Read/Write access to the System Setting page
Start/Stop Runner This permission is retired and irrelevant
Read DataQC Access to the Data QC page
Read/Write DataMapping This permission is retired and irrelevant

 

Customized Query Read/Write Access to the Lucidum support page for updating the UI back-end queries (not for normal users)
API_Operator Access to the Lucidum API
Schedule Read/Write access to the query scheduling

 

LDAP Role Management #

Lucidum UI also supports LDAP roles. However, LDAP roles need to be mapped to Lucidum local roles beforehand. For example, as shown in the figure above, LDAP role “DEVELOPER” is being mapped to Lucidum system role “IT_Operation”. Then all LDAP users with the “DEVELOPER” role will have the permissions from “IT_Operation” role.

User Management #

The default password for the system “admin” user is 12345678, make sure to change this default password upon the first login by clicking “change password” under “Action”.

 

Only the user with the Admin role can create a new user or change other users’ profiles (e.g., user password and roles). To create a new user, click “New User” under “User Management”.

Under the “New User” pop-up window, specify the new username, user email, user password, user’s time zone, and user’s roles. Then click “Confirm” to finish the new user creation process.

Leave a Reply

Your email address will not be published. Required fields are marked *