KeyConfigure Accounts Configuration

Overview

This dialog lets you configure accounts which can connect to KeyServer with KeyConfigure, and gives you fine grain control over which KeyConfigure actions can be performed depending on the management “role” intended for each specific account. Reporting capabilities of an account can also be limited in “scope” to a specified computer division - usage data for computers outside the specified division will simply not be included within the scope of any usage reports.

The Administrator account is like the root account for a computer - it has all privileges, and it cannot be changed (except for changing the password). Privileges for all other accounts can be edited by the Administrator.

OPEN KeyConfigure Accounts dialog

Accounts

At the top of the dialog there is a drop down menu which lets you select an account to configure. Note that when the Administrator account is selected the ONLY thing you will be able to change is the password. Below the menu, there are three buttons, one which creates a new account, one which will let you edit the name and password for an existing account, and one which lets you delete an account. Clicking on New or Edit will require you to enter the Administrator password (this is needed to set the password for all accounts).

By default, there are three accounts: Administrator, External Report Account, and KeyReporter Guest. The External Report Account is intended for use with external reports which get data from KeyServer through the KeyServer Driver, ksODBC - it has viewing privileges only. The KeyReporter Guest is used by KeyReporter before a user logs in through the web interface. By editing the privileges for this account, you can control what users can or cannot do without logging in to KeyReporter.

The External Report Account will not be available for use by external reports until you assign it a password using the Edit button. The Windows admin installer creates a default DSN configured for external reports to access the External Reports Account with password "Sassafras". If you assign a different password (for better data privacy) you will have to re-configure the DSN (using the Window's ODBC Administrator tool). Note: this account can be deleted, but then it will be recreated the next time you start up KeyConfigure and you will have to again assign a password to enable the account.

The KeyReporter Guest account controls what a user can see in the KeyReporter interface before they have logged in. It has a password, just like any other account. Initially, the password is not configured either in KeyServer or in KeyReporter. In order to enable the account, you must set a password both in KeyServer (via the KeyConfigure Accounts dialog) and in KeyReporter (via the config file or config page). Once the password has been set in both these places, the KeyReporter process can use it to access KeyServer. If you change the password for this account, you should be sure to change the password in the KeyReporter config as well.

Report-only Accounts

When you create a new account, or edit an existing account, you have the option of setting it to to be a "Report-only Account". This means that you will not be able to use this name and password to login through KeyConfigure - it can only be used to login to KeyReporter. For any account that is set to Report-only, the privileges in the final group, KeyReporter Privileges, are the only ones that are meaningful. You can also limit a Report-only account to a specific division, meaning that when reports are run after logging in with this account, only computers in that division will be included in the reports.

All Assistants Item

There is one item in the Accounts drop down menu which is NOT an actual account, but is rather a template. It is called All Assistants, and shows up at the bottom of the list, separated by a horizontal line. When selected, this item lets you view and change the privileges for all accounts except “Administrator”, the master account which is always all-powerful. Because it is not actually an account, the Edit and Delete buttons will be disabled when this is selected from the menu. See below for details.

Privileges List

Below the Account menu and buttons is a list of privileges, grouped by type. Clicking on the expansion triangle next to any group will show the individual privileges for the group. The privileges available to the currently selected account are listed with checkmarks next to them. Clicking to the left of a privilege (where the checkmark appears / would appear) allows you to toggle the privilege on or off for the selected account. Note that some of the privileges are “linked”. That is, if you disable one, it may automatically disable others as well. For example, in the License Privileges group, if all the privileges are enabled and you disable View Details of Licenses, Change Details of Licenses will also get disabled. This makes sense, since if you cannot even see the details of licenses, you clearly shouldn't be able to change them.

When All Assistants is selected from the Accounts menu, the Privileges list acts slightly differently. Each privilege in the account will be marked in one of three ways: with no icon to the left, with a checkmark, or with a dash. No icon means that no account besides the Administrator account has this privilege. A checkmark means that every account has this privilege. A dash means that there is at least one account besides the Administrator which has the privilege, and at least one which does not. With All Assistants selected, you can change any privilege to a blank or a checkmark. When you click OK, this change will be applied to all accounts except Administrator.

The name of each privilege should be self-explanatory, so as long as you are familiar with the KeyConfigure interface.

Related Topics