NightWatchman console security
Managing security in the NightWatchman console
NightWatchman security lets you control who has access to specific NightWatchman features (it relies on the account information provided by the Active Directory). With NightWatchman, you can:
Add new users or groups
Delete users or groups
Add new security roles
Change permissions for security roles
Assign security roles to users or groups
Delete security roles
Set viewing and access options for the group hierarchies
Adding new user or group security accounts
To add a new user security accounts:
In the Security section, select Users and Groups tab.
Click the Add button.
In the Select Users or Groups dialog, type the name of the user or group.
Click the Check Names button to search the AD for the user or group.
Click the OK button to create the security account.
Details for the account are sourced from the AD.
Deleting users or groups
To delete an existing user or group security account:
In the Security section, select the Users and Groups tab.
Select the account you want to delete.
Click the Delete button.
If the warning option is turned on the Confirm Delete dialog is displayed. Click Yes to delete or No to cancel.
Turning off the deletion warning dialog
To prevent NightWatchman from displaying the deletion warning dialog every time you delete a power scheme, power policy, tariff, security role or security account, check the Don't ask me again checkbox, located on the warning dialog itself.
Note
Before checking this box, make sure that you definitely do not want the deletion warning dialog to appear as deleting a NightWatchman Console Power Scheme cannot be undone.
Adding new security roles
To add a new security role:
In the Security section, select the Roles tab.
Click the Add button
In the Add Security Role dialog, enter a name and description.
Click OK to save the new security role.
After creating the new security role you will need to define the permissions for it.
Changing permissions for security roles
To change permissions for security roles:
In the Security section, select the Roles tab.
Select the role you want to amend.
Check or uncheck the checkboxes for the permissions you want this role to have.
Click Apply to enable the new permissions or Discard to revert the permissions to their original settings.
Permissions
Notes
Launch Console
With this permission, users can launch the NightWatchman Console.
Note
Users must already have this permission before they can be granted any other permission.
Clients
With these permissions, users can access group hierarchies. The following permissions can be applied to the Location or Organization hierarchies individually:
View – users with this permission can view the group hierarchy subject to specific permissions assigned to the group hierarchy.
Note
Users must already have this permission before they can be granted the View All or Modify permissions.
View All – users with this permission can view the group hierarchy regardless of any specific permissions assigned to the group hierarchy.
Modify – users with this permission can modify the group hierarchy i.e. adding/deleting/renaming groups and moving/removing computers of group.
Queries – this enables the user to access the Queries tab.
Change Security – this enables users to define access for others by setting permissions on location and organization groups. This permission becomes available only when one or more of the View checkboxes are checked.
Note
If not all view permissions are selected a security warning will appear. This indicates that allowing access to the Query tab may expose information that would otherwise have been hidden based on the restrictions of the role. For example, if a role does not allow a user to see information about power policies, enabling access to the Query tab potentially will allow that user to display information related to power policies.
This not only applies to different areas of the console that the user may have permissions to but also to the areas of the hierarchy that the user may have permissions for. A user may not be able to view the New York section of the hierarchy but will be able to run a query that may return information about the New York computers.
Power Schemes
With these permissions, users can access power scheme properties as follows:
View – users with this permission can view power schemes.
Note
Users must have this permission before they can be granted the Add, Edit or Delete permissions for Power Schemes.
Add – users with this permission can add new power schemes.
Edit – users with this permission can edit existing power schemes.
Delete – users with this permission can delete existing power schemes.
Power Policies
With these permissions, users can access power policy properties as follows:
View – users with this permission can view power policies.
Note
Users must have this permission before they can be granted the Add, Edit or Delete permissions for Power Policies.
Add – users with this permission can add new power policies.
Edit – users with this permission can edit existing power policies.
Delete – users with this permission can delete existing power policies.
Power Consumption
With these permissions, users can access power consumption properties for desktops, laptops and monitors as follows:
View – users with this permission can view the items in the power consumption tab.
Note
Users must have this permission before they can be granted the Edit permission for Power Consumption.
Edit – users with this permission can edit power consumption data in the chassis and monitor tables.
Tariffs
With these permissions, users can access tariffs properties as follows:
View – users with this permission can view tariffs.
Note
Users must have this permission before they can be granted the Add, Edit or Delete permissions for Tariffs.
Add – users with this permission can add new tariffs.
Edit – users with this permission can edit existing tariffs.
Delete – users with this permission can delete existing tariffs.
WakeUp Servers
With these permissions, users can access WakeUp Servers properties as follows:
View – users with this permission can view WakeUp Server properties.
Note
Users must have this permission before they can be granted the Edit or Delete permissions for WakeUp Server.
Edit – users with this permission can edit existing WakeUp Server properties.
Delete – users with this permission can delete existing WakeUp Server properties.
Settings
With these permissions, users can access settings properties as follows:
View – users with this permission can view settings properties.
Note
Users must have this permission before they can be granted the Edit permission for Settings.
Edit – users with this permission can edit existing settngs properties.
Security
With these permissions, users can access security properties. You can set specific permissions for the Users and Groups or Roles tabs.
View – users with this permission can view security properties for users and groups as well as roles.
Note
Users must have this permission before they can be granted the Add, Edit or Delete permissions for Security.
Add – users with this permission can add new users and groups as well as roles.
Edit – users with this permission can edit existing users and groups as well as roles.
Delete – users with this permission can delete existing users and groups as well as roles.
Launch Import Wizard
With this permission, users will be able to run the data Import Wizard.
Assigning security roles to users or groups
To assign security roles to users or groups:
In the Security section, select the Users and Groups tab.
Select the user or group from the list to assign the role to. Unassigned roles are identified by the
icon.
Click the
next to the role to assign it to the user or group.
Deleting security roles
To delete an existing security role:
In the Security section, select the Roles tab,
Select the role you want to delete.
Click the Delete button.
If the warning option is turned on, the Confirm delete dialog is displayed. Click Yes to delete or No to cancel.
If the role is associated with a user or group, another Confirm delete dialog is displayed indicating that the security role is use. Click Yes to delete or No to cancel.
To prevent NightWatchman from displaying the deletion warning dialog every time you delete a power scheme, power policy, tariff, security role or security account, check the Don't ask me again checkbox, located on the warning dialog itself.
Note
Before checking this box, make sure that you definitely do not want the deletion warning dialog to appear as deleting a NightWatchman Console Power Scheme cannot be undone.
Setting viewing and access options for group hierarchies
To set viewing and access options for group hierarchies:
In the Security section, select the Roles tab.
Define a security role with the View (but not the View All) permissions.
Select the Users and Groups tab.
Assign the security role to the user or group.
An administrator with Change Security permissions must set the security properties for the node in either the Location or Organization hierarchies in order of the user or group to view that it. To do this:
In the Clients section, right-click your mouse on the node.
Select Properties from the menu.
Click the Security tab in the Properties dialog.
Select the user or group from the list.