Goals
The key goals of introducing the new CloudTrax User Management System are as follows:
- Allow for creation/ deletion of individual CloudTrax user accounts using email addresses and passwords that are unique to individual users.
- Allow assignment of different user roles (privileges) per user.
- Allow for more user roles than were possible earlier.
- Allow for creation and management of network groups (aggregates of networks) within a master account and easy assignment of user roles at the network group level.
- Facilitate easy migration of existing (old user management) CloudTrax accounts to the new user management system, with no disruption to existing users.
Accounts, Network Groups and Networks
The new CloudTrax user management system has been built with a focus on Managed Service Providers, who need an easy way to create several networks for each of their individual end customers and have some way of being able to abstract each of those network sets as a single entity, as different from the network sets that belong to other end customers
The old CloudTrax system had the concept of a master account and one or more networks under it. The limitation of that system was that there was no way to segregate all networks belonging to one customer from those belonging to a other customers and further, no way to grant permissions to individual users across the entire network group.
The new CloudTrax user management system removes the limitation by introducing the concept of Network Groups, as illustrated below:
User Roles
The new user management system will allow for the following types of roles to be assigned to individual users:
- Account Admin/Owner
- Group Manager
- Network User
The following table summarizes the general capabilities each user account “Role” type
|
CloudTrax function |
Account Admin/ Owner |
Group Manager |
Network User |
|
Account Management (Access to the “Account” page) |
✔ |
||
|
Add/ Remove/Edit Account Admin user |
✔ |
||
|
User Management (Access to the “Users” page) |
✔ |
✔ |
|
|
Add/ Remove/Edit Group Manager User |
✔ |
✔ |
|
|
Add/ Remove/Edit “Network User” user |
✔ |
✔ |
|
|
Create, organize or delete Network Groups |
✔ |
✔ |
|
|
Create new Networks |
✔ |
✔ |
|
|
Delete existing Networks |
✔ |
✔* |
|
|
Clone Networks |
✔ |
✔* |
|
|
Ability to change network configurations |
✔ |
✔* |
✔* |
|
Access to “configure” menu and pages |
✔ |
✔* |
✔* |
|
Access to the “AP-Pane” and the “Switch-Pane” (the per device pop out pane) |
✔ |
✔ |
✔ |
|
Ability to generate and manage vouchers |
✔ |
✔* |
✔* |
|
Ability to switch between networks (via the network drop down menu and the “All Networks” page) |
✔ |
✔ |
✔* |
* Ability to perform the above actions are based on or can be restricted by assigned network permissions
Network Permissions
When creating user accounts with a role of “Group Manager” or “Network User”, a second configuration pane will open once the account is created. This pane allows you to configure at what permission levels the user account is allowed to access each individual network or network group. If a user account is not given any permissions to a network, then that network will not be visible to the user. The permission levels are:
- Network Editor
- Network Viewer
- Voucher Editor
A user assigned a network with “Network Editor” permissions, is able to view and modify all network specific settings within that network.
A user assigned a network with the “Network Viewer” permission, will only be able to view the “Manage” area of the Cloudtrax network interface (General network status display) and will not be able to make any changes, in addition they will not be able view the Voucher area.
Finally, a user assigned a network with the “Voucher Editor” permission level will only see the Voucher configuration view when they log in and nothing else. They will have full control of all voucher settings and features. This permission level provides an equivalent replacement for the legacy “Lobby Assistant” login.
Other details to consider:
- “Account Admin” role accounts have all permissions by default and altering their permissions is not possible.
- “Group Manager” role accounts by default have the ability to create new networks and network groups. While their access to existing networks can be restricted by the permissions they are assigned to those networks, but if they create a new network they are granted full rights (Network Editor) to that network.
- A user account configured with both permissions to a specific network and permissions to the network group that the network is a member of, will see the higher permissions level assignment override the other.
If you would like to migrate your CloudTrax account to the new user management system, start by reading migrating to the new user management system
If you have already migrated to the new user management system, you can read about managing networks and network groups or about managing users.
This looks very nice and very much like what we actually need without even knowing that we did. :-)
Would be nice if we could "adopt" another "master dashboard" as network group.
Thanks Jan - and we very much like hearing that!
Reine - on the roadmap.
It would be nice to define permission sets to roles or individuals.
For example we have individuals that are responsible for monitoring specific AP's. I would like tech-1 to be notified when AP# 1, 7 or 8 go down. But I don't need that tech. to make network changes.
Can anyone else access the referenced page https://help.cloudtrax.com/hc/en-us/articles/207358010 regarding user management?
I receive "Oops, you're not authorized."
I do not have the options to create view only users.
Charles: The link should work now. Sorry for the inconvenience.