Figure 25 - Platform Users Screen
The Platform Users screen is used by system administrators to provide access to an individual user to the Platform System.
When adding, modify or updating users, changes to Platform Space Permissions, can take up to 15 – 20 minutes to populate in the Platform Interface and in the file system. This is because permission changes take place as a background task and have to potentially propagate over terabytes of data.
Any user that wishes to gain access to Platform resources must be explicitly added to the Users tab before login is possible. On the Users tab, the system has the following elements:
Users Filter – This filter box is a useful way to narrow down the specific user the operator is searching for. It auto filters with every character that is typed and the users displayed in the grid are reduced to only those that match what the operator types in the filter box.
Add Existing User – Used to find a user in the existing active directory and add them into the Platform (see below for details).
Add New User – (only available of Platform can update the AD) Used to create a new user in the Active Directory and then connect them to the Platform System. (See below for details).
The Users Information grid shows a list of users that have been added to the Platform Interface. This may or may not be all of the users in the Active Directory. The following columns are listed in the Users information grid.
Name – The user name which is the Display Name of the user in the Active Directory.
Department / Title – This is the Department field in the Organization tab of the Active Directory
Phone Number – This is the Telephone number found on the General Tab of the AD.
Enabled – This URL type field indicates of the user is active and can login to the Platform or disabled and cannot login. Clicking on the URL will toggle the field.
Max (MB/sec) – Allows system administrator to set a bandwidth limit on the amount of data that can be pulled from the Platform per second. Because the administrator is entering a field within the grid, once they complete the entry they must press on the button on the footer of the grid.
When an operator right-clicks on a user in the grid, the have a number of options:
This option allows the administrator to enable or disable a user from the Platform. It is the same option as clicking on the Enabled column in the grid. When a user is disabled, it has the effect of ‘Disable Account’ in the Active Directory. If the account is disabled in the AD, the user will also not be able to login to the Windows domain. This option also prevents that user from connecting to the domain or the Platform Space Shares manually thru standard SMB connections.
This option is only available if the Platform can update the AD.
The Edit option is used by the system administrator to update password, Department and phone number in the Active Directory.
This option effectively ‘unhooks’ the user from the active directory. The user and user rights are removed from the Platform and all permissions for that user are removed from the Platform Spaces. However, the user is not deleted from the Active Directory.
This option should only be used if there is an error on a standard remove. During the remove process, the system attempts to pull out all references of that user from all Storage Groups and all Platform Spaces. If that process fails in any way, the standard remove process will not remove the user. This option allows the administrator to disconnect the user anyway.
When used by the system administrator, this option will delete the user in the Active Directory and remove all permissions for the user from all Platform Spaces in the Platform. This option is only available if the Platform can update the AD and should only be used when no more record of the user should exist. Please review the disable option as an alternative.
When a new user must be added to the Platform, the system administrator has three options.
- They can add an existing user that is already in the Active Directory
- They can add a New User that will be added to the Active Directory
- They can import a Group listed in the Active Directory and the system will import all of the users in the group to the Platform
When clicking on the Add Existing User button, the Platform will bring up a Search window which is used to locate the user in the Active Directory. This option is normally used when Platform is connected to another Domain and is utilizing an existing AD. The administrator will type in the user name in the search box and the system will search the AD for the name or names.
After locating the correct user, the administrator will select the check box of each user and then click on the ‘Add’ button.
If the system administrator wishes to create a new user in the Active Directory, they will click on the Add New User button. The Platform will bring up a ‘Create New User’ Window and require the administrator to fill out the stand fields of:
Username – This is the login name of the user
Display Name – This is entered into the Display Name in the Ad. It can be different than the user name.
Password – This must follow the password rules of the AD and must be re-entered on the following field.
Department – The department name in the AD.
Office Phone – The Office Phone number in the Ad.
See the Importing Members of a Group below in the Groups section. This option allows an administrator to add a batch of users into the Platform by importing the members of a specific AD group.
After the user has clicked on the add button for either an existing AD user or a new AD user, the system must review and add user permissions for Platform Spaces. The approach is based on a key field in the Platform Spaces Tab of the System Configuration Screens called “Default Platform Space Permission”.
If this field is set to Allowed, then the system will add ‘Modify’ permission to every Platform Space that is Online and connected to a Storage Group for that user.
If this field is set to Denied, then the system will not set any Platform Space access for the user and the Administrator must set these permissions manually. See Platform Space Permissions below.
Groups allow administrators to set up ‘sets or groupings’ of users and then apply file permission to those groups in the permissions screen. Groups are valuable to setting file permissions in the system because administrators can apply permissions to Platform Spaces by groups and then just add users into or pull users out of groups.
Groups can be added to the Platform System and have no effect until two conditions occur:
- Users are added to the group
- Groups are given permission to one or more Platform Spaces
The Groups information grid has two columns:
Group Name – This is the name of the Security Group as specified in the Active Directory.
Edit Members – This URL field allows the administrator to add or delete members from the group.
When an administrator wishes to work with a group in the information grid, the have the following right-click options:
The Edit Group Members screen is used by the administrator to add or remove Platform Users to the Group in question. By using the arrows between the Available Users and the Group Members, the administrator can add or remove members in the Group.
Importing Members from a Group is a simple method to allow System Administrators to easily add users to the system that are already members of an existing group. By right-clicking on the group name, and selecting ‘Import Members’, the system will create a Platform User for every user in that group. If the user is already in the Platform, no updates will be made.
This option removes the selected group from the Platform System. Any Platform Space Permissions defined with this Group will also be automatically updated and the group will be removed from those Platform Spaces.
When the system administrator issues this command, the system will delete the Group from the Active Directory and remove all permissions for the Group from all Platform Spaces in the Platform. This option is only available if the Platform can update the AD and should only be used when no more record of the Group should exist.