The Multi-tenancy module provides the following features:
- Access to specific tabs (e.g. Dashboard, Maps, Status, Alarms, Admin)
- Ability to apply permissions to User Groups per flow exportering Interface or per device
- Set permissions to see dashboards and even the ability to manipulate or copy a dashboard
- Access to administrative functions
The Multi-tenancy module is useful to companies who need to give customers a unique login and restrict what they see. Restrictions can be set on specific devices and or interfaces.
Users are assigned to usergroups. Usergroups are granted permissions. Users inherit permissions from all the usergroups they are a member of. This functionality also serves as the basis for the enterprise focused multi-tenancy functionanlity.
New User Groups: Is used to create a new usergroup that individual users can be assigned to. Give the group a name and apply a template from another Usergroup that has similar permissions to the new user group. After creating an account, find the new usergroup on the left and click it to modify.
Click here for a special note regarding Scrutinizer usergroups and LDAP security groups.
Administrators: This is the admin account and cannot be deleted. Users can be assigned to this group and inherit all of its permissions.
Guest: This is the default guest account which cannot be deleted. Users can be assigned to this group and will have limited permissions.
Permissions for an individual user account will be inherited from all usergroups it is a member of. To view all the usergroups a user account is a member of, visit Admin tab > Security > Users and click on a user account. Then open the Group Membership tab.
Select the user accounts that will need to have access to this usergroup. A user can be a member of multiple usergroups and inherit all applicable permissions.
Permissions control features the usergroup should have access to within Scrutinizer. Permissions can restrict product features entirely for a usergroup or specific features can be accessed based on your usergroup membership.
- Which tab the members of the usergroup should be able to see,
- Administrative permissions the usergroup should have access to,
- Advanced features like acknowledging alarms, scheduling reports, adding/deleting users etc.
Clicking the Configure link in the Features column will provide a click and drag modal to adjust usergroup permissions. Inside that modal, on the left will two radio buttons with Predefined and Advanced labels. The following section describes the difference between the two modes, as you must chose one or the other per group.
Predefined roles vs advanced features¶
The features modal allows Usergroups to use predefined roles or manually specifiying features. A Usergroup must use either the Predefined Feature sets or the Advanced features that can be manually configured.
You cannot configure manual permissions for a predefined set.
- Advanced - Manually configure all permissions available. Use Advanced to create custom feature sets.
- Predefined roles - Feature sets for common persona’s like “ReportUser” or “DashboardAdministrator”
Predefined role Underlying permissions AlarmsAdministrator ackBBEvent
AlarmsUser alarmsTab DashboardAdministrator dashboardAdmin DashboardUser createDashTabs
ReportingUser runReport SystemAdministrator 3rdPartyIntegration
- Device status is used to grant permission to see the status of the device (i.e. Flow exporter). Device icons appear blue in maps if the Device Group permission is granted without this permission.
- Interface statistics grants permission to see the statistics of an interface.
- Groups are used to grant permission to see a group (i.e. map). Devices (i.e. flow exporters) appear blue and interfaces black unless permission is granted in Device Status and Interface Statistics.
- Saved reports allows to select the saved reports/ filters that the usergroup will need to have access to run.
- Dashboard gadgets selects the gadgets that the usergroup will need to be able to add to dashboards.
- Third-party links controls the vendor third-party integrations that the usergroup will be able to integrate with.
- Bulletin boards manages the Bulletin boards that the usergroup will need to be able to access in the Alarms tab.