Security Model: Department Users, Admin Groups and Superusers in Traverse

Question: How do Department Users, Admin Groups and Superusers work in Traverse?

Solution: There are 3 levels of User's in Traverse: Department Users, Admin Groups and Superusers. The Superuser account will be required to carry out the below functions.

A Department User is created automatically when you create a department. It will have the same username as the Department name and will be a Read Write account.

You can create additional User accounts in a department and set them as Read-Only or Read-Write accounts with varying access rights.

 

 

Every Department has a User Class and this User Class determines the privileges of the Department Users.

  • To create a new User class, SUPERUSER >> USER CLASS >> CREATE A NEW USER CLASS

  • To change the User Class of a Department, ADMINISTRATION >> DEPARTMENTS >> UPDATE DEPARTMENT

  • To set the default privileges of a Department User with that User Class, ADMINISTRATION >> USER CLASS >> PRIVILEGES

NOTE: A read-only account will have more restrictive rights than what is shown above.

 

An Admin Group is an account that has visibility over several departments which share the same Department User Class.

An Admin Group 'Admin Class' needs to be associated with a particular User Class. To create an Admin Class and associate it: SUPERUSER >> ADMIN CLASS >> CREATE NEW ADMIN CLASS

To assign it to a User Class, SUPERUSER >> ADMIN CLASS >> USER CLASS MAPPINGS

ASSIGN USER CLASS TO ADMIN CLASS

Once you have assigned the Admin Class, you will now be able to set the Admin Group privileges, setting the access rights for any Admin's in the Admin group, similar to what was done previously for the Department user privileges.

You can manually access the above Admin privileges by navigating to SUPERUSER >> ADMIN CLASS >> USER CLASS MAPPINGS >> UPDATE.

Now that the Admin and User classes are associated, we just need to create the Admin Group so you can administer all the departments grouped under the same user/admin classes.

Create an Admin Group:

ADMINISTRATION >> DEPARTMENTS >> RED CIRCLE >> CREATE NEW ADMIN GROUP

Select the Admin class you have created and you will now be able to administer any departments with the associated User Class.

A SUPERUSER meanwhile has visibility of all Departments and the ability to administer any of these Departments. They also have the ability to represent as a User. (ADMINISTRATION >> DEPARTMENTS >> MANAGE USERS >> REPRESENT)

This gives the Superuser account the ability to restrict it's view of devices/departments etc. to the same as the user account being represented but retain it's full Superuser administration rights. (i.e. Representing as a read-only department user, will only display the department that the user account has visibility for BUT let's you carry out read/write actions. - Especially useful when configuring a department, creating dashboards for read-only users)

 

 

 

 

 

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Contact us