SiteScope User Profiles and Settings

Managing complex network applications and business services while maintaining system integrity and security is a constant challenge. Limiting access to management systems and tools which provide data to multiple groups and individuals to a single point of contact or "gatekeeper" tends to diminish efficiency and usefulness. As a operational monitoring tool, the data provided by SiteScope can be made available to multiple users without granting full administrative privileges to all users.

This section describes:

About SiteScope User Profiles
The User Profiles Table
The SiteScope Administrator Account
The SiteScope User Account
The Add User Form
About User Permission Settings
Adding a User Profile
Accessing SiteScope with a User Login

About SiteScope User Profiles

As a client-server based architecture, a single SiteScope can be accessed by multiple users simultaneously. You can define multiple SiteScope user accounts that provide different view and edit permissions for different audiences. For example, you can create a user profile that allows users to view monitor status and reports but does not allow the users to add or edit monitor configurations or alerts.

You manage SiteScope user accounts by way of the User Profiles page. This page allows you to administer the users that are allowed access to SiteScope. You access the User Profiles page by clicking on the Preferences button on the main navigation menu and then clicking on the Users link from the Preferences submenu.

A user profile limits access to SiteScope to those users that enter a correct user name and password. Optionally, user authentication can be handled by submitting a query to a LDAP database. For more restrictive access control to SiteScope, see the General Preference page for options on how to restrict access to SiteScope to only certain IP addresses.

A user profile has two main components. These are:

User authentication information
SiteScope view and action permissions

You use the Add User Form to select and edit these user profile components. You access the User Profiles page by clicking on the Add New User Profile link below the User Profiles Table or by clicking on the Edit link for an existing user profile.

The User Profiles Table

The User Profiles Table displays the user profiles that are currently defined. This table includes links for editing and deleting user profiles.

The following is an example of the User Profiles Table

Users

Name	Login URL	Edit	Del
SiteScope Administrator	/SiteScope?account=administrator	Edit
SiteScope User (disabled)	/SiteScope?account=user	Edit
Guest Login	/SiteScope?account=login1	Edit	X

When you install SiteScope the installation application creates two default user accounts. These accounts are described in the following sections.

The SiteScope Administrator Account

This account allows full access to view and change anything in SiteScope. The SiteScope Administrator is the only account that is allowed to make changes to user profiles on the User Preferences form. This account cannot be disabled or deleted.

It is important to note that the administrator account is the default account used when accessing SiteScope. This means that anyone requesting the server address and port number where SiteScope is running will, by default, be logged in on the administrator account. In order to restrict access to this account and its privileges, you need to edit the administrator account profile to include a user login name and login password. SiteScope will then present a login dialogue before SiteScope can be accessed.

The SiteScope User Account

This default account allows read only access to SiteScope. This account cannot be deleted and is disabled by default. Use the following steps to enable the default SiteScope User account.

To enable the SiteScope User account

Click the Preferences button on the SiteScope main navigation menu. The General Preferences page is displayed.
Click the E-mail link in the Preferences menu under the SiteScope main navigation links. The E-mail Preferences page is displayed.
Click the Edit link on the User Profiles table for this user profile. The Update User form is displayed
Clear the Disable option by clicking on the check box on the Update User page.
Click the Update User button to save the changes.

Once the SiteScope User account has been enabled, you use the following special URL in order to log into SiteScope using this read-only User account:

http://<sitescope_address:port>/SiteScope/userhtml/SiteScope.html

This account can also be used to allow individuals who do not access SiteScope for monitoring purposes but may want access to SiteScope generated reports. These reports may be sent as a hyperlink in an e-mail message that links to a SiteScope report.

Use the procedures outlined below to add other user accounts or edit existing accounts.

The Add User Form

Use the Add User Form to create a new user login account and set SiteScope permissions for that account. Use the Update User form to make changes to an existing user account. The following describes the items displayed on the Add User form:

Login Name

This is the SiteScope login name for this user. This is the user login name that must be entered at the login dialogue in order to access SiteScope using this profile. Alternatively, you can have users log into SiteScope using LDAP authentication. See the section below for more information.

Password

This is the SiteScope login password for this user. Enter the password again in the box below to confirm the password. If you will be using LDAP for user authentication, you do not need to enter a password here. Users will have to enter their LDAP password on the SiteScope login dialog box when they login to this user account.

LDAP service provider

If you want users to access the SiteScope service using a centralized LDAP authentication rather than the SiteScope specific password, the information must be entered in the boxes provided. In this way password authentication for access to SiteScope can be performed by LDAP. Users will still need to have a SiteScope login name defined on this page.

Before users can use LDAP to access SiteScope, they must have a user login and security principal assigned to them on the LDAP server. Once this has been set up, enter the URL of the applicable LDAP server that SiteScope should connect to for authentication in the text box on this page
(for example: ldap://ldap.mydomain.com:389)

LDAP Security Principal

When using LDAP Authentication for SiteScope access enter the Security Principal for this user. The following is an example of a LDAP Security Principal showing the typical syntax: uid=testuser,ou=TEST,o=this-company.com.

Groups

This lists the monitor groups that can be accessed by this user profile. Use this to select the groups you want this user to be allowed to view. The default is to allow access to all groups. Use the list box to select which groups to which this user should have access. To select multiple monitors, press the CTRL key while clicking on the group name listing with the mouse cursor.

Disabled

When Disabled is checked, access to SiteScope with this username and password is not allowed.

Title

Optionally, enter a title for this User profile. The title is displayed in the list of users. By default, if you do not enter a title, the login name is used.

Permissions

This displays a list of access permissions for this user profile or account. The permissions determine which links are displayed, which actions are allowed when this user profile is used to connect to SiteScope. The list of the available permissions is described in the table below. By default most of the permissions are granted. To restrict the permissions of a user account, clear the options that you do not want granted for that account.

About User Permission Settings

The following table lists the several permissions that may be granted or denied to a particular user profile. The first column gives the permission title as displayed on the Add User form. The second column describes the privilege associated with this permission setting.

Group Actions
Edit Groups	Add new groups, rename, copy, or delete existing monitor groups, which includes all monitors within the groups
Refresh Groups	Refresh or force all the monitors within a group to be run regardless of their schedule
Disable Groups	Disable or enable monitors in a group-wise manner meaning all monitors in a group may be enabled or disabled

Monitor Actions
Edit Monitors	Add new monitors, edit existing monitor configurations, or delete monitors
Refresh Monitors	Refresh or force individual monitors to be run regardless of their schedule
Acknowledge Monitors	Use the Acknowledge feature for commenting on monitor status on a group detail page.
Disable Monitors	Disable or enable monitors individually
Use Monitor Tools	Use the Diagnostic Tools form for certain monitor types. When a diagnostic tool is available for a monitor type, a hyperlink is presented in the More column for that monitor in the group detail page. Diagnostic tools may expose sensitive system information.
Use Tools	Use the Diagnostic Tools available via the generic Tools page. Access to SiteScope diagnostic tools may expose sensitive system information.

Alert Actions
View Alerts List	View the list of currently configured alert definitions on the Alert List page
Edit Alerts	Add a new alert, edit, or delete existing alerts
Test Alerts	Test an existing alert definition
Disable Alerts Indefinitely	Disable or enable one or more alerts indefinitely.
Disable Alerts Temporarily	Disable or enable one or more alerts temporarily
View Alert History Report	View the history report for an alert. This report is available by clicking on the History link for an alert in the Alert List page.
Create Adhoc Alert Reports	Create adhoc or quick alert reports using the Alert Report link below the Alert Definitions table.

Report Actions
Generate Reports	Generate a scheduled report manually by using the Generate button below the report summary table on a report's Management Report Summary page.
Show Report Toolbar	Include links at the top on management reports to the different report sections and report help.
Edit Reports	Add new report definitions, edit or delete existing report definitions
Create Adhoc Reports	Use the Quick Report action on the Management Reports page to create adhoc reports
Disable Reports	Disable or enable the generation of existing reports
View Monitor History Report	View the recent history report for a monitor

Preference Actions
Edit Preferences	Use any of the form available on the Preferences submenu to add or edit SiteScope settings for alerts, logging, integration, connectivity to remote servers, and so forth.
Test Preferences	Test any preference setting that is testable. This is usually a setting for communicating with an external service such as e-mail, modem, SNMP, or other external application.

Other Options
Edit Multi-View	Add, edit or delete items on the Multi-View page
Use Browse and Summary	Use the Browse Monitor form and the Monitor Description (Summary) Report
View Progress	View the Progress page showing monitors that are running and SiteScope monitoring load
View Topaz Configuration Changes	View the configuration changes reported to Topaz
View Logs	View the raw data reported by SiteScope monitors, sent by alerts, and other SiteScope logs
View Health Page	View the SiteScope Health (self-monitoring) page
Edit Health Parameters	Edit SiteScope Health monitoring parameters and configuration
Disable/Enable Application Health Monitors	Enable or disable the SiteScope Health self-monitoring functions
Use the Support Tool	Use the Send Support Request form (deprecated)

Adding a User Profile

Use the following steps to add a new user profile.

To add a new user profile

Click the Preferences button on the SiteScope main navigation menu. The General Preferences page is displayed.
Click the Users link in the Preferences menu under the SiteScope main navigation links. The User Profiles page is displayed.
Scroll to the bottom of the page and click the Add New User Profile link below the User Profiles table. The Add User page is displayed.
Enter a user login name in the Login Name box. If you will be using LDAP for user authentication, the user name must match a user in the LDAP database.
Enter a password for this user profile in the Password box. Enter the same password again in the second Password text box below. If using LDAP authentication, leave the password box blank.
If using an LDAP service to authenticate users, enter the address and port number for the LDAP service provider in the box provided. Enter the LDAP Security Principal for this user.
In order to restrict access and viewing of one or more monitor groups for this user, select the groups that will be granted to this user profile from the Groups selection box. By default, access is permitted to all groups. Use the ctrl-click combination to select multiple groups.
In the Permissions section, check the permission options you want to grant to this user profile. To remove privileges, clear the check mark from the applicable check box
Click the Add User button to add the new user profile.

Accessing SiteScope with a User Login

When a user connects to Sitescope, a login dialogue form is displayed with boxes for entering their username and password. Depending on whether you have multiple browser windows open at the time, the login form may be an HTML form or a system dialogue challenge.

If you want to skip the login form, you can go directly to a specific account using the URL specified in the Login URL column of the table. For example, to access SiteScope via the Guest Login displayed in the example table above, you can use the following URL:

http://<server>:<port>/SiteScope?account=login1

where <server> is the server name or IP address of the server where SiteScope is running and <port> is the port that SiteScope is running on. By default this is port 8888.

Note: SiteScope sets a cookie in the browser to keep track of which user account is being accessed by the browser. In some cases it may be necessary to close all browser windows on the client workstation before you will be presented with the SiteScope login screen to log into a different account.