Tenants and Users

The MSactivator™ platform provides a multi-roles and multi-tenancy hierarchy that should accommodate all your specifics requirement.

Overview

Tenant and user management screens are available in the "Admin" section of the MSactivator™ UI.

administration management

Initial connection

The MSactivator™ comes with one pre-created super admin user: ncroot (the equivalent of the root user on Linux systems). The default password for this user is "ubiqube".

This default password should be changed, especially if the MSactivator™ is meant to be used in a production environment.

Overview

The MSactivator™ has 2 levels of tenancy: tenant and subtenant.

These 2 levels will let you organize your managed entities based on your need will ensuring that access restriction based on the user role is fully respected.

4 user roles are available to make sure that you can assign the access and managing roles to your users based on their actual roles in your company.

concepts tenants users

Tenancy management

The MSactivator™ is designed to provide multi-tenancy. A tenant is a virtual private space that can be managed as an isolated environment.

tenancy creation

There are two levels of tenancy, tenant and subtenant, the latter being nested in the first one.

Tenancy management is provided on the UI in the "Admin" section on the left menu.

Tenant

Select the "Tenants" section in the "Admin" menu and click on the "+ Create Tenant" button to create a new tenant.

The "Tenant Prefix" is a three letters, unique identifier for the tenant. It will be combined with the subtenant or the managed database identifier to build a short, comprehensive, unique identifier that you can use to filter application logs when troubleshooting or when you need to communicate with the support team.

Tenant Creation Form

Subtenant

Select the "Subtenants" section in the "Admin" menu and click on the "+ Create Subtenant" button to create a new subtenant.

Carefully select the tenant where the subtenant will be created as moving a subtenant to another tenant is not possible without database update.

Subtenant Creation Form

Save the customer form and navigate to the new subtenant tenant (click on the subtenant name in the customer list).

User management

Four types of users are available:

ncroot, the privileged administrator
the administrator users
the privileged manager users
the manager users

Privileged administrator (ncroot)

ncroot is the only predefined user within the MSactivator™. It’s the user with the highest level of privilege.

In addition to the action available to the other users with lower privileges, ncroot can create the tenants, upload and activate the MSactivator™ product licenses, create administrator users.

Administrator

Administrator users can only be managed by ncroot.

Administrators are associated with one or more tenants and have full access rights over these tenants.

A typical administrator job is to create the managers and privileged manager as well as the subtenant within its tenants.

Privileged manager and manager

Privileged managers are restricted to a single tenant.

Within their tenant, privileged managers have full access rights and can perform tasks such as subtenant management, device management, user and rights management.

Managers are restricted to a single tenant and, within this tenant, to a subset of subtenants.

By default, the managers have restricted, read-only access to the subtenant.

A manager may be used to provide self-care access to the MSactivator™ portal.

Roles and rights management : permission profiles

The MSactivator™ provides a simple authorization mechanism based on 4 user roles, the privileged administrator, the administrator, the privileged manager, and the manager.

By default, managers have a very restricted access to the data. They can only view the information of the subtenant and managed entities they are entitled to. In order to grant more rights to a manager, it is possible to use a permission profile.

A permission profile is an aggregation of rights such as "create a device", "activate a device", "configure a device",… that are turned on or off depending on your user management policy. This profile is applied to a set of one or more users.

You can create a permission profile as ncroot from the "Admin" section. Permission profiles are created in the scope of a tenant therefore you need to select a tenant to manage them.

permission profile create

On the tab "Permissions" select the specific permission that you want to give to your managers

Permissions are organized by categories that reflect the MSactivator™ functional architecture.

permission profile permissions

Assign the permissions to managers on the tab "Associated Managers"

Audit record

The audit logs record every call to the MSactivator™ API, this includes user action on the UI and direct call to the REST API

Example

    John logged in.
    John opened the Management dashboard.
    John applied sub-tenant filter "Hoth".
    John listed the workflows attached the to sub-tenant "Hoth".
    John executed the workflow "Create ME" on the sub-tenant "Hoth".
    ....
    John logged out.

The audit logs are available for each user in the "Profile" menu, under "Audit Logs".

audit logs

Since audit record are stored in Elasticsearch, you can use Kibana to design a simple user activity dashboard and display it in your super admin dashboard

audit logs kibana