In this chapter, you’ll learn how to implement User Group based Device Access Restrictions with the help of Device Views. By assigning one of these Views to a User Group, you control which Devices the Users in that Group can see.

Implementing Device View restrictions allows members of User Groups to focus on only those devices that are relevant to their work. For example, if your company has three facilities, you might create one View for each facility, showing only the servers that are physically located at that facility.

The specific topics we will cover in this chapter are:

  1. Creating a Device View
  2. Creating a User Group
  3. Applying the Device View to the User Group
  4. Creating a User Account and Assigning it to the User Group
  5. Viewing the Results of Applying Access Restrictions

1. Creating a Device View

To create a Device View go to the Nectus Home Screen and select Inventory -> Views -> SNMP Device Views.

This opens the “SNMP Devices Views” dialog box.

Click the Add View button to open the “Add SNMP Devices View” dialog box. Create the new View by entering a View Name and adding Devices to the “Selected SNMP Device” list.

2. Creating a User Group

To create a new User Group go to the Nectus Home Screen and select Settings -> Admin Accounts.

This opens the “Admin Accounts” dialog box. Select the User Groups tab.

Click Add New Group to open the “Add Group” dialog box. Enter the Group Name and make any changes necessary for the GUI and Context Menu tabs.

3. Applying the Device View to the User Group

Select the Views tab. Select the Device View in the “SNMP Devices Views” drop-down list.

4. Creating a User Account and Assigning it to the User Group

Return to the “Admin Accounts” dialog box. Select the User List tab.

Click Add New Account to open the “Add Account” dialog box. Enter the required information for the User and select the User Group in the “Group” drop-down list.

5. Results of Applying the Access Restrictions

Applying the Device View to the User Group results in Access Restrictions for the Users in that Group.

When a User from that group views the SNMP Devices Pane on the Nectus Home Screen, he can only see the Devices that were included in the Device View.

When the User views the Sites pane, he can only see the Sites that contain Devices included in the Device View.

Nectus AWS monitoring does not require root user permissions to performs it’s actions. Actually it requires a small set of permissions, so it’s more secure and reasonable to have a special AWS user’s account having that minimal set of grants. This guide will show to create such user’s account.

First login to the AWS console as a root user and choose IAM from the list of Services.

When you see the following form, choose Users.

Then select “Add user” on the following screen.

Enter user name and enable “programmatic access” in the next form.

Select “Attach existing policies directly” and then enable following 3 policies:

  • AmazonEC2FullAccess
  • CloudWatchActionsEC2Access
  • CloudWatchReadOnlyAccess

They could be found using “Filter policies” field.

After that click “Next: Review” button and you’ll see the following screen. Click “Create User” button.

If everything is OK and the user was created in AWS then the following form will appear. You should store Access key ID and Secret access key of the user since they are required by Nectus Monitoring. Click “Download .csv” and store this file. Also you can click “Show” to display the secret access key on the screen.

Last step is integrating AWS user’s access keys into Nectus Monitoring. Select Settings -> General Settings -> AWS integration in the Nectus GUI.

In the following form paste Access Key ID and Secret Access Key copied from AWS console (or from downloaded .csv-file).

Click OK to save the changes and Nectus is ready to perform AWS monitoring and backup.

Creating User Accounts and User Groups

In this chapter, you’ll learn how to create User Accounts and assign them to User Groups. You’ll also learn how to create User Groups and set their Access Rights.

The specific topics we will cover in this chapter are:

  1. Creating User Accounts
  2. Creating User Groups
  3. Setting User Group Access Rights

1. Creating User Accounts

Every Administrator should have their own User Account. To create a new User Account go to the Nectus Home Screen and select Settings -> Admin Accounts.

This opens the “Admin Accounts” dialog box.

 

Select the User List tab and click Add New Account to open the “Add Account” dialog box.

Enter the information for the user. Fields marked with an asterisk ( * ) are required. The group you assign determines the User’s Access Rights. You can assign the User to an existing Group, or create a new Group.

2. Creating User Groups

To create a User Group return to the “Admin Accounts” dialog box and select the User Groups tab.

Click Add New Group to open the “Add Group” dialog box and enter a Group Name.

Note that you can use the icons to the right of the Group Names to edit or delete an existing User Group.

3. Setting User Group Access Rights

Select the Group’s Access Rights from the drop-down list. Selecting “Read Only” or “Read / Write” rights sets all the GUI and Context Menu options to those values.

Selecting “Custom” rights allows you to set each GUI and Context Menu item individually. The options are “Read Only”, “Read / Write”, and “Hide”.

Select the Views tab to specify which views the User can see.

The drop-down list next to each view lists the items that will appear for that view. Setting “SNMP Devices Views” to “Cisco” for example causes only Cisco devices to appear in the SNMP Devices section or the Sites Section.

You can also designate the User Group as a “Super Admin.” Your installation must always have at least one Super Admin Group to ensure that Users have access to the system.