Managing users
A user with the admin role for a tenant can perform any of the following actions:
-
Create a new user
-
Enable (or disable) a user
-
Modify a user name, e-mail address, or password
-
Assign or modify user roles
This section describes tasks and concepts including:
About user configuration
Blue Planet installs a single administrative user called admin that belongs to a master tenant within the user access control (UAC) app. The admin user sets up multiple users as well as multiple tenants (or customers of the software apps that make up Blue Planet). Multi-tenancy permits creation of separate customer tenants who can then set up associated users with access to only selected apps and resources.
To create and manage multiple user accounts to access the orchestration UI and Blue Planet Application Programming Interface (API), enter the following URL into your browser: https://<server_IP>/uac-v2 or in the UI select System > User activities > User accounts. Ensure you give your users Blue Planet Orchestration user roles or they cannot perform orchestration tasks.
In addition, UAC allows you to set up additional tenants and sub-tenants to allow user access to specific tenant resources. For more details, see Creating and managing tenants or sub-tenants.
When planning your orchestration strategy for tenants and sub-tenant users, keep in mind the following:
-
Who is this user and to which tenant do they belong?
-
What resources are in which tenants?
-
What role permissions do they require?
The following table describes the role privileges within Blue Planet.
Task/Action |
user1 |
admin |
sysadmin |
Modify email address and password (self) |
x |
x |
x |
Modify API keys |
x |
x |
x |
Modify others' user name, email address, or password |
x |
x |
|
Create a new user |
x |
x |
|
Enable (or disable) a user |
x |
x |
|
Create roles |
x (Application admin) |
||
Assign or modify user roles |
x |
x |
|
Create and delete API key assignments |
x |
x |
|
Edit or enable tenants or sub-tenants |
x |
||
Create or delete tenants or sub-tenants |
x |
||
Edit password configuration policy |
x |
x |
1 Check the Blue Planet MDSO and NFVO Solutions Release Notes for details on any existing issues.
About role-based access control (RBAC)
Blue Planet uses RBAC to allow administrators to set user permissions, roles, and tenants. Each role has specific permissions attached to it, so the permissions are evaluated to determine whether an action on a resource is permitted. In addition to the User Administration app that manages user and tenant tasks, each app sets their own roles for task completion.
The following table lists several user application roles. Your access list may vary depending on the apps or solutions you install. You can also create your own roles.
| Application | Role | Description |
|---|---|---|
Security |
admin |
All privileges (except creating and deleting tenants). |
Security |
sysadmin |
Master tenant sysadmin can create or delete a tenant. |
Security |
user |
Privileges on identified tenant; can change user password. |
Blue Planet Orchestration |
Application admin |
Author all content. |
Blue Planet Orchestration |
Provisioner |
Create, modify, or delete resources. Cannot create or delete domains and products. |
Blue Planet Orchestration |
Observer |
Read only access. |
For user roles, see the Blue Planet MDSO and NFVO Solutions Release Notes for details on existing issues.
For details on how to configure Remote Authentication Dial-in User Service (RADIUS) or Lightweight Directory Access Protocol (LDAP) authentication security service to communicate with the Blue Planet user access control (UAC) administration app, see Configuring RADIUS/LDAP.
Adding and editing users
Admin users must log in to the tenant context in order to create new users or edit existing users.
To create users or modify user settings:
-
From the main window, select System > User activities > User accounts to view and manage user accounts.
-
To create a new user:
-
Click Create.
-
Enter the required data into the form.
Ensure you select Is active to activate this user. If you plan to activate this user at a later time, leave this checkbox empty. -
Click Save.
-
-
To edit an existing user:
-
Select the user from the user accounts list.
Use the search filter to refine your search. No search characters are supported. -
Click Edit.
-
Update the data in the form and click Save.
Inactive users appear in red in the user accounts list.
-
-
To manage user settings:
-
Select the user from the user accounts list.
-
To delete the user from the Blue Planet UAC, click Delete and confirm the deletion.
-
To reset a user password, click Reset password, enter the new password, then click Save.
-
To create a new API key, do the following:
-
Click API keys.
-
Click Create New API key.
-
Click Close.
NOTE: Users only require a valid API key in order to use the Blue Planet REST API with HMAC authentication. If users access the REST API using their user login and password, token authentication occurs as part of that login.
-
-
To delete an existing API key for this user, click API key then click Delete next to the API Key ID/Key Secret you want to remove.
-
-
Click the Blue Planet icon (located in the upper-left corner of the UI) to return to the dashboard at any time.
To sign out, select your account name and click Logout.
Terminating active user sessions
In some cases it might be necessary to terminate user sessions to perform system maintenance or updates.
To manage active sessions and terminate sessions:
-
Select System > User activities > Active sessions.
-
Select a session and click Terminate.
To log a user out completely, ensure you terminate all user sessions associated with that user. It might take a few moments for the change to take effect.
Deleting users
-
From the main window, select System > User activities > User accounts.
-
Select the user from the user accounts list.
-
Click Delete and confirm the deletion.
Resetting a forgotten user password
A user within a tenant can change their own e-mail address and password.
To reset a user password:
-
From the main window, select System > User activities > User accounts to manage a user account.
-
Select the user from the user accounts list.
-
Click Reset password and enter the new password.
-
Click Save.