Management of users, permissions, groups

Back to Pandora FMS documentation index

One of the most important characteristics of Integria IMS is the possibility of working with different groups of users and that it allows access and visualization of independent elements, so that each group only visualizes its information and elements, the content being invisible. from the other groups. These user groups can be different departments, customers, or companies. This feature is generally known as a Multitenant environment.

The permissions structure is based on three concepts:

• Group (Group): Set of users with visibility between them, a group can be translated as “department”, “client” or “company”, depending on the context of use of Integria IMS and the way of working desired.
• Profile (Profile): Permission level. Define a series of privileges, such as: access to the agenda, having access to create tickets, or being a project manager.
• User ID (User): Identifier to access the tool. Users will have associated one or more combinations of profile plus group, defining the level of privileges they will have and for which group, being able to be, for example, project manager in one group and ticket operator in another. To edit users, a user with permissions can access the user manager through the menu People → User management (People → User management):

Here you can edit (click on the corresponding User ID), delete (Delete column, trash can icon) or add a new user (Create) in a form similar to the following:

In Custom screen you can choose the dashboard that the user will see when logging in. See “Dashboards Administration” for more information.

Optionally, you can assign a company (Company), which is important from the profile point of view, since in certain sections of the application the level of access will also take into account which company a user belongs to. Integria IMS brings default data for testing but you must first create your own companies in the customer management section (“CRM customer management”) .

Some user characteristics are, for example, activation (if the user is active or not) or if the user is logged in (interactive access to the console). Some users only have access by email (email) for incident management.

Once a user has been registered, the user himself can modify his own data through the People → Edit my user menu (or through the direct access located in the header, right next to the close session button ) and also know your API key by means of a QR code, which also contains name, phone, etc.

Closely related to the groups and profiles, are the types of user. In Integria IMS there are four types of users:

• Grouped only by company: This is like a normal grouped user, but can only see tickets from users in the same company and group.
• Grouped user: Privilege level based on their groups and profiles. They can only access, view and/or modify the information of each assigned group according to the profile they have defined.
• Standalone user: They can only access the sections: Tickets and Wiki. In the Tickets section they can only see their own tickets. They are often used to offer support services to potentially large customer groups.
• Super administrator: Full access and privileges over all sections and groups of the tool.

This system allows specifying what access privileges are given to each user in the different sections of Integria IMS.

In the definition of a user, at the end, there is the group and profile association:

In each section or function (tickets, baseknowledge, downloads, CRM, inventory, Wiki…) these access bits are used differently in combination with elements such as groups or with access definitions specific to each tool. For example, in downloads, the access definition associates groups with something called categories, while in CRM access management does not use groups but companies, and which companies are linked to each other.

Profiles can be managed from the People → Profile management menu (People → Profile Management) on a screen similar to this one:

Each profile has a series of access bits and is identified by a name:

Access Bits

The profiles are configured through flags or access flags.

The Project Manager Role can perform any operation on projects to which they are assigned that role, as well as on project tasks. Additionally, users with this role will be able to delete projects.

Project Owner: Has the same permissions as the project manager.

Administrator User: You can perform all the above actions in any project or task without restrictions (according to their availability in the interface).

In the project ACL system, subtasks inherit the permissions of the parent tasks. That is, if a user can modify the parent task, she can also modify the child task.

Wiki read and write permissions are defined on each Wiki page. By default all pages are accessible and editable by all users. You can see how to modify these permissions in the Wiki Read/Write Permissions section.

The CRM (Customer relationship management or Customer Relationship Management or Administration) has a particular way of working, where groups are not taken into account, only the company to which the user belongs and the profiles they have in any of the groups. The main method of access restriction will be the parent/child relationship between companies. So if you have access to a company, you have access to all “child” companies. Except the external user who only sees his own. That is, just seeia those of his company and the daughters (and granddaughters, etc.) of his company.

Integria IMS allows the management and administration of sales leads (business lead or people in charge of business with companies).

Special access flags that refer to the administration of the application.

Through this section, to which only system administrators have access, new users can be massively incorporated into the system. It is based on importing a CSV file with a specific format. A CSV file stores tabular data (numbers and text) in plain text format. The columns are separated by commas:

• id_user
• password
• real_name
• email
• telephone
• description
• avatar
• disabled
• id_company
• num_employee
• enable_login
• Custom fields.

The custom fields must previously exist in the Integria IMS system and must be indicated in order, being able to choose a value, or if you do not want to give them a value, a blank space .

Example:

user,pass_user,albert,[email protected],12345678,This is a new user,people_1,0,3,222,1,Integria,20

Other fields will be automatically associated according to the values of the creation form (menu People → Import users from csv):

• Group (group).
• Profiles (profile).
• Global profile (standard user or external user).
• Enable policy password (policy to force password according to security level).
• Avatar (profile image).

An unlimited number of custom user fields can be defined to tailor the application to the organization. Only an administrator can define custom fields, to do this go to People → User fields.

You can define fields of type yes/no (on/off), descriptions, values to choose from a selector and others.

Group management is only visible to users with user management profile. Tickets will always be associated with a group.

It is possible to define in the groups a default user to which the tickets will be assigned when a new ticket is added to that group. Subsequently, the user will be able to transfer (“escalate”) the tickets to anyone within their group, although said user must be configured with the necessary permissions to ello.

From the People menu → Groups Management (section People → Manage groups) you can add, edit and delete groups.

Clicking on the name of any group will access its editing form. By clicking on the Create button you will be able to add new groups whose fields are similar to the editing ones:

• Name.
• Forced email: Enables or disables the sending of tickets to the group of users entered in the email group.
• Parent: Group in which you are included as a child.
• Default user: This user will be assigned by default for tickets created in this group. You must type at least two letters in the search field to be able to choose from a list of matching users.
• Icon (Icon): Image of the group, by selecting one from the list you will get a preview of it.
• Send customer satisfaction email: Option to send an email to learn about customer satisfaction.
• Open ticket limit: For grouped users, it is the maximum number of simultaneous open tickets of a group in the last year. For external users, it is the maximum number of simultaneous open tickets by that user.
• Enforced open tickets limit: It will prevent the creation of new tickets when the open tickets limit is reached. If it is not forced, it only shows an informational window that the limit has been exceeded.
• Total ticket limit: For grouped users, it is the maximum number of tickets in a group in the last year, regardless of their status (both open and closed tickets will be counted). For external users it will work in the same way but they will be counted individually, having their own for each external user and group. In both cases, it is restrictive, so new tickets cannot be created for this group once the limit is reached.
• Ticket SLA: Monitoring of the level of compliance (in English Service-level Agreement or SLA) used in the tickets of this group.
• Default inventory object: Object associated by default to the new tickets of this group (optional).
• Email from: Email address that will appear as the origin of the notification. If you need users to be able to reply to this email, this address must be an alias of the address configured in Integria IMS to receive the messages.
• Group email: Email addresses associated with the group. Notifications will be sent to these addresses when there are changes to the tickets in the group (if there are multiple, you must separate them from each other by commas , ).

They are used for the creation and management of tickets by email. To be able to use this functionality, it is necessary to have an email account configured in the Mail settings section, in the general configuration of the console (Setup → Setup → Email setup ). Integria IMS will use this account to download mail from a mailbox and to be able to work with new tickets sent to the support email account.

Since Integria IMS can only use one email account to download (POP3 or IMAP technologies), you will have to use ALIAS on your mail server to be able to differentiate who creates the ticket.

Suppose you have two user groups GOLD-SUPPORT and GOLD-VIP, and that the account that Integria IMS works with is [email protected]:

• You must create two aliases for that account so that sending to [email protected] and [email protected] both end up at [email protected].
• It will create two groups: “Gold Support” and “VIP Support”, with the differences in the shipping address and name fields.
• You must configure the “Gold Support” group as follows:

The big difference comes when configuring the group queue (Email Queue management section):

With this configuration, if you receive an email at the address [email protected]:

• It will automatically create a user with a standard user profile.
• A welcome email will be sent to you with the username and cPassword so you can access the platform.
• The content of the email that the user has sent will also be used to create a new ticket in the “Gold Support” group.

The parameters to configure the mail queues are the following:

• Automatically create users: Automatically create new users when a message is received. Depending on the origin or destination, some rules will be applied to the creation of users.
• Grant access to users: Allows you to grant access to the application for new automatically created users using their username and password. Otherwise, those users will only have access via email.
• Send welcome email: Will use the template specified in the bottom field (Welcome email).
• Default status: Status with which the ticket will be created by those new users.
• User type: Category with which the users will be created automatically (grouped or not grouped).
• Default company: Optional field.
• Default user profile: The indicated profile will be associated to the new user for the corresponding group.
• Default ticket type: Default ticket type for those processed through the mail queue.
• Email queue: The emails that arrive at the email addresses specified in this section will be used to create and update tickets. This field allows you to configure several addresses or regular expressions, one for each line.
• Welcome email (Welcome message): It will be sent to new users that are automatically created when sending an email. The email address of origin will be used as the username. This text field accepts the _password_ macro, which will change this macro to the default password assigned at user creation.

• Given a group of addresses with the emails: [email protected] or .*@otherdomain.com .
• With this configuration, all the emails that arrive at the address [email protected] will be used to manage tickets by email using the defined parameters.
• All those with the format [email protected] (such as: [email protected], [email protected], etc.) will also be used for the management of tickets by mail, using the defined parameters.

Back to Pandora FMS documentation index