User Administrator

Estimated reading: 11 minutes 193 views

This user can create new user and read only those users which are assigned to the groups assigned to the user. Additionally the user can create group and read only those group(s) which are assigned to logged in user.

The user can grant or revoke the Application, Shared & System roles to Groups/Users.

The User Administrator will be assigned the User Administrator and Restricted User Administrator permission set by default.
The User Administrator will be assigned the following permissions by default:

Description	Remarks
User Administrator Permissions
Applications\Can Read All Applications	This permission gives you the right to read all the applications.
Restricted User Administrator Permissions
Audit and Reporting\Can Generate Documentation	This permission gives you the right to generate the documentation.
Audit and Reporting\Can Read Event Log	This permission gives you the right to read an Event Log.
Groups\Can Create Group	This permission gives you the right to create a group.
Groups\Can Delete Group	This permission gives you the right to delete a group.
Groups\Can Read Group	This permission gives you the right to read a group.
Groups\Can Update Group	This permission gives you the right to update a group.
Roles\Can Create Application Role	This permission gives you the right to create an application role
Roles\Can Create Shared Role	This permission gives you the right to create a shared role
Roles\Can Delete Application Role	This permission gives you the right to delete an application role
Roles\Can Delete Shared Role	This permission gives you the right to delete a shared role
Roles\Can Grant Revoke Application Roles To Groups	This permission gives you the right to grant or revoke application roles to the groups.
Roles\Can Grant Revoke Application Roles To Users	This permission gives you the right to grant or revoke application roles to the users.
Roles\Can Grant Revoke Shared Roles To Groups	This permission gives you the right to grant or revoke shared roles to the groups
Roles\Can Grant Revoke Shared Roles To Users	This permission gives you the right to grant or revoke shared roles to the users
Roles\Can Read Application Role	This permission gives you the right to read an application role.
Roles\Can Read Shared Role	This permission gives you the right to read a shared role.
Roles\Can Read System Role	This permission gives you the right to read a system role
Roles\Can Update Application Role	This permission gives you the right to update an application role
Roles\Can Update Shared Role	This permission gives you the right to update a shared role
Users\Can Approve Pending Users	This permission gives you the right to approve or deny users
Users\Can Assign Remove Users To Groups	This permission gives you the right to assign or remove users to the group
Users\Can Approve Pending Users	This permission gives you the right to approve or deny the users
Users\Can Assign Remove Users To Groups	This permission gives you the right to assign or remove users to the group
Users\Can Create User	This permission gives you the right to create an user
Users\Can Delete User	This permission gives you the right to delete an user
Users\Can Lock Unlock User	This permission gives you the right to lock or unlock an user
Users\Can Read User	This permission gives you the right to read an user
Users\Can Update User	This permission gives you the right to update an user

To explore the impact of permissions please click on the relevant link below:

Please Note: The sections on which the role has no impact has not been listed

Impact of user administrator role on applications

This module explains the impact on the applications if the user has been granted the User Administrator Role.

The User will be assigned following permissions:

Description	Remarks
Can Read All Application	This permission gives you the right to read all applications.

Once the user logs in using the assigned mode of authentication, the following screen will be displayed.

The user will be able to view list of all the applications (A).
Since the user has permissions to Can Read All Applications the user will be able to view the details of all the applications.
The user can click on the Application name to view the application information as shown below:

The application information will be available in read only mode.

Impact of User Administrator Role on Audit and Reporting

This module explains the impact on the audit and reporting if the user has been granted the User Administrator Role.

The User will be assigned the following permissions:

Description	Remarks
CanGenerateDocumentation	This permission gives you the right to generate documentation.
Can Read Event Log	This permission gives you the right to read an Event Log.

Once the user logs in using the assigned mode of authentication, the following screen will be displayed.
The user will be able to view list of all the applications (A).

Since the user has permissions to Can Generate Documentation he can use the Generate Documentation option to generate the documentation of each entity in the Visual Guard console.

Can Read Event Log permission allows access to viewing the event log as shown below:

Impact of User Administrator Role on Groups

This module explains the impact on the groups if the user has been granted the User Administrator Role.

The User will be assigned the following permissions:

Description	Remarks
Can Create Group	This permission gives you the right to create a group.
Can Delete Group	This permission gives you the right to delete a group.
Can Read Group	This permission gives you the right to read group.
Can Update Group	This permission gives you the right to update a group.

Once the user logs in using the assigned mode of authentication, the following screen will be displayed.
The user will be able to view list of all the applications (A).

Since the user has permissions to Can Read Groups, the user will be able to view the group that has been assigned to him.
The parent groups of the assigned group will also be displayed.

Depending on the user privileges and assigned group privileges the list of privileges will be decided automatically.
The Can Create Group privilege allows the user to create a group. This option will be available only if a group has been assigned to the user.

The new group will be listed under the Parent Group. The user can view group details by clicking on the group name.

Since the user has the Can Delete Group and Can Update Group privileges he can remove or update group related details.

Impact of User Administrator Role on Role

This module explains the impact on the roles if the user has been granted the User Administrator Role.

The User will be assigned the following permissions:

Description	Remarks
Can Create Application Role	This permission gives you the right to create an application role
Can Create Shared Role	This permission gives you the right to create a shared role
Can Delete Application Role	This permission gives you the right to delete a application role
Can Delete Shared Role	This permission gives you the right to delete a shared role
Can Grant Revoke Application Roles To Groups	This permission gives you the right to grant or revoke application roles to the groups.
Can Grant Revoke Application Roles To Users	This permission gives you the right to grant or revoke application roles to the users.
Can Grant Revoke Shared Roles To Groups	This permission gives you the right to grant or revoke shared roles to the groups
Can Grant Revoke Shared Roles To Users	This permission gives you the right to grant or revoke shared roles to the users
Can Read Application Role	This permission gives you the right to read an application role.
Can Read Shared Role	This permission gives you the right to read a shared role.
Can Read System Role	This permission gives you the right to read a system role
Can Update Application Role	This permission gives you the right to update an application role
Can Update Shared Role	This permission gives you the right to update a shared role

Once the user logs in using the assigned mode of authentication, the following screen will be displayed.
The user will be able to view list of all the applications (A).

The user can create a new role under an application since he has the Can Create Application Role privilege.

The new role will be listed under the Application>Roles option. The user can view the role details by clicking on the role name as shown below:

Since the user has the Can Read Application Role and Can Update Application Role privilege, the user can view and update role details by clicking on the Application>Role> Rolename.
Since the user has also been granted the Can Grant Revoke Application Roles To Users privilege the user can grant/revoke new roles to user using options “Grant role to users” & “Revoke role from users” available under tab “Granted User”

Please Note: You can also grant/revoke roles of users Users> Username> Roles> Edit Roles option. Click here (missing link) to know more.

Grant role to users: When you select option “Grand role to users” you are provided with a screen to select users to whom the role is to be assigned.

Once the users are successfully assigned to the Group, below message will appear

Revoke role from users: When you select option “Revoke role from users” you will be asked for confirmation, as shown below:

Once confirmed by clicking on option “yes” , the role will be successfully revoked and below message will appear:

The user can also grant/Revoke the role to the groups, since the user has the Can Grant Revoke Application Roles To Groups privilege.

The new role will be listed under the application, the user can select and grant the role.

The user can delete the application role since he has the Can Delete Application Role privilege.
Additionally the User Administrator has access to manage the Shared Roles.
The Can Create Shared Role privilege allows the user to create a new Shared Role.

The new role will be listed under the Shared Roles option. The user can view the role details by clicking on the role name as shown below:

The user has the privilege to read and update the shared roles information, since he has been granted the Can Read Shared Role and Can Update Shared Role privileges.
Since the user has also been granted the Can Grant Revoke Shared Roles To Users privilege the user can edit the granted users option.

The user can select and edit the members for the selected role. Click here to know more.
The user can also grant the shared role to the groups, since the user has the Can Grant Revoke Shared Roles To Groups privilege.

The user can assign the shared role to the group.

The user can delete the shared role, since he has the Can Delete Shared Role privilege.
The User administrator can just view the System Roles related information, since he has the Can Read System Role privilege.
The user can view and update the role details by clicking on the Application>Role> Rolename.

Impact of User Administrator Role on Users

This module explains the impact on the user related permissions if the user has been granted a User Administrator Role.

The User will be assigned following permissions:

Description	Remarks
Can Create User	This permission gives you the right to create an user
Can Delete User	This permission gives you the right to delete an user
Can Lock Unlock User	This permission gives you the right to lock or unlock an user
Can Read User	This permission gives you the right to read an user
Can Update User	This permission gives you the right to update an user

Once the user logs in using the assigned mode of authentication, the following screen will be displayed.
The user will be able to view list of all the applications (A).

The user can create a new user, since he has the Can Create User privilege.
The user can create a user only under the groups assigned to him.

When the user clicks on the new user option following screen will be displayed:

Click “OK” to complete the user creation.
The new user account will be created and will be displayed in the Grid on Right side.

The user can view the user details by clicking on the user name as shown below:

Since the user has the privilege Can Read User and Can Update User, the user will be able to update the user details.
The user administrator has the privilege to delete the user, since the user has the Can Delete User privilege.
Additionally the user administrator can lock a user or unlock the user accounts since he has the Can Lock Unlock User permission.

See Also:

Special Roles
Impact of granting multiple roles
Special Roles & Permission Matrix