.. _Managing Virtuozzo Infrastructure Platform Users:

Managing Virtuozzo Infrastructure Platform Users
------------------------------------------------

During the management panel installation on the first node, Virtuozzo Infrastructure Platform creates the default unique administrator account with the **Superadministrator** role. The user name for this account is ``admin`` and the password is specified during installation. This account cannot be deleted and its rights cannot be changed. The superadministrator can create and manage other users' accounts.

.. note:: All users can change their own passwords (see :ref:`Managing User Accounts`).

.. _Managing Roles:

Managing Roles
~~~~~~~~~~~~~~

Virtuozzo Infrastructure Platform comes with two preconfigured roles that you can assign to user accounts: 

-  **Superadministrator** that has complete rights in Virtuozzo Infrastructure Platform,

-  **Viewer** that grants read-only access to Virtuozzo Infrastructure Platform.


Before creating user accounts, you need to create user roles and assign rights to them. To do this:

#. Open the **SETTINGS** > **User management** > **ROLES AND RIGHTS** tab and click **Add role**.

#. In the **Add role** window, specify a role name and select rights for it from the list:

   - **Cluster** includes the following rights:

     - **Network** allows modifying network settings and roles.
     - **Updates** allows installing updates.
     - **SSH** allows adding and removing SSH keys for access to cluster nodes.
     - **Management** allows creating the storage cluster, joining nodes to the storage cluster, and managing (assigning and releasing) disks.

   .. **Services** ???

   - **iSCSI** allows creating and managing iSCSI targets and LUNs.

   - **NFS** allows creating and managing NFS shares and exports.

   - **Compute** allows creating and managing the compute cluster.

   - **S3** allows creating and managing the S3 cluster.

   - **ABGW** allows creating and managing Acronis Backup Gateway instances.

#. Click **Add**. 

.. Add info about editing/deleting roles.

.. _Creating User Accounts:

Creating User Accounts
~~~~~~~~~~~~~~~~~~~~~~

To create a user account in the web-based user interface, do the following:

#. Log in to the management panel as superadministrator.

#. Open the **SETTINGS** > **User management** screen and click **Add user** on the **USERS** tab.

#. In the **Add user** window, specify the user name, description (if required), password, and choose a role to assign to the account in the corresponding fields.

   .. Need to change the screenshot
      .. image:: ../../../images/stor_image1_1.png
         :align: center
         :class: align-center

#. Click **Add**.

.. _Managing User Accounts:

Managing User Accounts
~~~~~~~~~~~~~~~~~~~~~~

Any user can change their account password by clicking the user icon in the top right corner of the management panel and then clicking **Change password**.

An admin can create, edit, and delete other users' accounts; add, edit, and remove their roles; and enable or disable user accounts (that is, allow or prohibit user login). To manage a user account, do the following:

#. Log in to the management panel as superadministrator.

#. Open the **SETTINGS** > **User management** screen and select a user on the **USERS** tab. 

#. On the right panel, click the pencil icon next to the parameter you need to edit, or click **Delete**, depending on what you need to do.

.. Need to change the screenshot
   .. image:: ../../../images/stor_image1_2.png
      :align: center
      :class: align-center

.. _Managing LDAP or Active Directory Users:

Managing LDAP or Active Directory Users
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

.. Need to review this section!

You can add users and user groups to Virtuozzo Infrastructure Platform from an external LDAP-compliant database or Microsoft Active Directory. These users can log in with their respective user names and passwords. The actions they can perform in Virtuozzo Infrastructure Platform are defined by the roles you assign in Storage (listed in :ref:`Managing Virtuozzo Infrastructure Platform Users`).

To add an LDAP (or AD) user or group to Virtuozzo Infrastructure Platform, do the following:

#. On the **SETTINGS** > **Advanced settings** screen, open the **LDAP/AD** tab.

   .. image:: ../../../images/stor_image1_8.png
      :align: center
      :class: align-center

#. Select ``LDAP`` or ``Microsoft Active Directory`` from the **Type** drop-down list.

#. Specify the following parameters:

   - IP **Address** of an LDAP server or AD domain controller;
   - (optional) LDAP **Port**;
   - **Bind DN** (a distinguished name of an LDAP authentication database user) or **Login** (AD);
   - **Bind Password** (LDAP) or **Password** (AD);
   - **Search Base DN**, a distinguished name of a search starting point;
   - (optional) **Advanced** LDAP or AD parameters.

#. Click **Save** to authenticate with the Active Directory or LDAP server.

#. On the **SETTINGS** > **Users** screen, click **ADD LDAP USER**.

#. On the **Add LDAP users** panel, select users or user groups to add to Virtuozzo Infrastructure Platform and click **Add**.

   .. image:: ../../../images/stor_image1_9.png
      :align: center
      :class: align-center

#. On the **Roles** panel, select the roles to assign to selected users or user groups. 

   .. note:: If a role is assigned to a group, every user in it is granted the corresponding rights.

   .. image:: ../../../images/stor_image1_10.png
      :align: center
      :class: align-center

#. Click **Add** to add users to Virtuozzo Infrastructure Platform.

   .. image:: ../../../images/stor_image1_11.png
      :align: center
      :class: align-center
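
Because a role assigned to a group applies to every member, a user's effective rights can exceed what their own account entry shows. The following added example (not product code) assumes effective rights are the union of direct and group roles, and uses constructed users, groups, custom role names and a constructed choice of which rights count as sensitive, to list users who hold **Cluster** rights only through group membership:

```python
# Added example. Right names come from the "Add role" list on this page;
# everything else (custom roles, users, groups) is constructed sample data.
ALL_RIGHTS = {"Network", "Updates", "SSH", "Management",
              "iSCSI", "NFS", "Compute", "S3", "ABGW"}
# Assumption: the four Cluster rights are the ones worth flagging.
SENSITIVE = {"Network", "Updates", "SSH", "Management"}

ROLES = {
    "Superadministrator": ALL_RIGHTS,
    "Viewer": set(),                              # read-only: no modify rights
    "storage-operator": {"iSCSI", "NFS", "S3"},   # hypothetical custom role
    "node-admin": {"SSH", "Management"},          # hypothetical custom role
}
USER_ROLES = {"alice": ["Viewer"], "carol": ["node-admin"], "dave": ["Viewer"]}
GROUP_ROLES = {"cn=storage-ops": ["storage-operator"],
               "cn=node-admins": ["node-admin"]}
GROUP_MEMBERS = {"cn=storage-ops": {"alice", "bob"},
                 "cn=node-admins": {"bob", "carol"}}

def rights_of(role_names):
    """Union of the rights carried by the given roles."""
    rights = set()
    for name in role_names:
        rights |= ROLES[name]
    return rights

def group_roles_for(user):
    """Roles the user receives from every group that contains them."""
    roles = []
    for group, members in GROUP_MEMBERS.items():
        if user in members:
            roles.extend(GROUP_ROLES.get(group, []))
    return roles

def effective_rights(user):
    """Assumed model: direct roles and group roles are additive."""
    return rights_of(USER_ROLES.get(user, [])) | rights_of(group_roles_for(user))

def inherited_sensitive():
    """Map each user to sensitive rights they hold only via a group."""
    users = set(USER_ROLES) | {u for m in GROUP_MEMBERS.values() for u in m}
    findings = {}
    for user in sorted(users):
        direct = rights_of(USER_ROLES.get(user, []))
        via_group = (rights_of(group_roles_for(user)) - direct) & SENSITIVE
        if via_group:
            findings[user] = sorted(via_group)
    return findings

if __name__ == "__main__":
    for user, rights in inherited_sensitive().items():
        print(f"{user}: {', '.join(rights)} granted only via group membership")
```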
