Tariscope 4.x. Administrator's guide
Chapter 3. Tariscope configuration
3.20. User management
A User management system allows to create, edit and delete user accounts in Tariscope. Tariscope users can have different access rights to Tariscope. It is possible to limit a user access to various telecommunication equipment, as well as to restrict the actions that a user can perform with the different subscriber groups.
To create a new user, select the Users page in the configuration tree. In this case the Tariscope window will be as shown in Figure 3.20.1.
Fugire 3.20.1
In the user table the following columns are displayed:
- User. The column displays a user name. On initial installation, there are two user accounts: 'BUILTIN\Administrators' and 'dbo'.
- Login. The column displays a user login with which the user is connected to Tariscope.
- Roles. A list of roles that were assigned to the user.
- Equipment. The colunm displays names telecommunications equipment to which the user has an access.
- Groups. It displays group names to which the user has an access.
To add a new user, on the toolbar, click on the Add icon. The Edit window appears as shown in Figure 3.20.2.
Figure 3.20.2
In the User login box, type a user login that is used to connecting to Tariscope. You can use the same login that the user uses to enter in the Windows, if the Windows authentication check box is selected. In this case, click on the "…" button which is located on the right of the User login box. In the appeared window, select a required user.
In the User name box, type the user name that allows to uniquely identify the user. For example, it may be a name and surname of the user.
If you select the SQL Server authentication check box, type a password in the Password and Confirm password boxes.
When you select the SQL Server authentication check box, the Login disable check box is active. The selection of the check box allows to block the user.
The Database role membership list contains a list of roles which you can assign for a user.
For reference. Microsoft SQL Server uses the concept of the Role for association of users in the conditional group with the same rights. Roles can be predetermined, and can also be created by users with this right. There are two types of roles: server (dbcreatir, diskadmin, processadmin, securityadmin, serveradmin, setupadmin, sysadmin); databases (public, db_owner, db_accessadmin, db_ddladmin, db_securityadmin, db_backupoperator, db_datareader, db_datawriter, db_denydatareader, db_denydatawriter).
There are fixed roles to work with the Tariscope database: public, db_owner, db_accessadmin, db_securityadmin, db_ddladmin, db_backupoperator, db_datareader, db_datawriter, db_denydatareader, db_denydatawriter. They are defined by Microsoft SQL Server Fixed functions for these roles are presented in the table below.
|
Fixed database role |
Resolution at the database level |
Resolution at the server level |
|
db_accessadmin |
Allow: ALTER ANY USER, CREATE SCHEMA |
Allow: VIEW ANY DATABASE |
|
db_accessadmin |
Allow with GRANT parameter: CONNECT |
|
|
db_backupoperator |
Allow: BACKUP DATABASE, BACKUP LOG, CHECKPOINT |
Allow: VIEW ANY DATABASE
|
|
db_datareader |
Allow: SELECT |
Allow: VIEW ANY DATABASE
|
|
db_datawriter |
Allow: DELETE, INSERT, UPDATE |
Allow: VIEW ANY DATABASE |
|
db_ddladmin |
Allow: ALTER ANY ASSEMBLY, ALTER ANY ASYMMETRIC KEY, ALTER ANY CERTIFICATE, ALTER ANY CONTRACT, ALTER ANY DATABASE DDL TRIGGER, ALTER ANY DATABASE EVENT, NOTIFICATION, ALTER ANY DATASPACE, ALTER ANY FULLTEXT CATALOG, ALTER ANY MESSAGE TYPE, ALTER ANY REMOTE SERVICE BINDING, ALTER ANY ROUTE, ALTER ANY SCHEMA, ALTER ANY SERVICE, ALTER ANY SYMMETRIC KEY, CHECKPOINT, CREATE AGGREGATE, CREATE DEFAULT, CREATE FUNCTION, CREATE PROCEDURE, CREATE QUEUE, CREATE RULE, CREATE SYNONYM, CREATE TABLE, CREATE TYPE, CREATE VIEW, CREATE XML SCHEMA COLLECTION, REFERENCES |
Allow: VIEW ANY DATABASE
|
|
db_denydatareader |
Deny: SELECT |
Allow: VIEW ANY DATABASE
|
|
db_denydatawriter |
Deny: DELETE, INSERT, UPDATE |
|
|
db_owner |
Allow GRANT parameter: CONTROL |
Allow: VIEW ANY DATABASE |
A list of roles which are accessible for Tariscope user:
- Database owner. The role provides a full access to the Tariscope database.
- Call parse. The role allows to process a calls information.
- Reports and configuration view. The role allows to generate reports and view the Tariscope settings.
- Full access. The role provides a full access to Tariscope.
- Subscriber accounts. A user who has this role can work with subscribers accounts (It is applies only to the Tariscope Provider edition).
- Edit subscribers. The role allows to create, edit and delete subscribers.
- Deny information removal. This role denies the user to delete of data from Tariscope.
To choose the telecommunications equipment to which a user can have an access, select the Equipment items tab. The windows will be as shown in Figure 3.20.3.
Figure 3.20.3
If the user should have an access to all equipment, select the User is allowed to access any equipment configured in Tariscope check box. Otherwise, select the User is limited to access this equipment check box and in the Equipment available list, select telephone systems to which the user can have an access.
If a user must have an access to most of the telephone systems, click on the Select all link and then, clear the unnecessary telephone systems.
To quickly clear all check boxes, click on the Clear all link.
To choose subscriber groups to which a user can have an access, select the Groups tab (Figure 3.20.4).
Figure 3.20.4
This tab displays a list of all user groups entered in Tariscope. If the user should have an access to all groups, select the User is allowed to access all subscriber groups check box. Otherwise, check the User is limited to access only groups checked check box and in the Subscriber groups available list, select the groups to which the access is allowed.
After the configuration of user data, click OK.
To edit the parameters of any previously created user, double-click on a desired row in the user table (Figure 3.20.1) or, select a desired row and click on the Edit icon on the toolbar.
To remove a user, select a desired row in the user table and, click on the Delete icon on the toolbar. Tariscope does not allow to delete the dbo account.
