WEBVTT

00:00.150 --> 00:01.480
OK, let's look at uses now.

00:01.500 --> 00:07.510
So, server admin users, OK, there's my default user when I first created Carafano.

00:07.590 --> 00:09.450
And that's the user I've been using throughout.

00:09.990 --> 00:11.220
I can inspect it.

00:11.340 --> 00:13.460
I've given it a email address.

00:14.010 --> 00:17.580
I can manage it's password and it's a global professional admin.

00:17.610 --> 00:23.170
This means it can manage everything in file, even other organizations, for example, down here.

00:23.190 --> 00:24.630
We'll look at that in light of video.

00:25.200 --> 00:30.810
So I've got my main dog there, though I can also force log out from all devices.

00:31.080 --> 00:33.340
If I want it now, we can get other users.

00:33.360 --> 00:37.800
So going back to users, we can create users with reduced permissions.

00:37.860 --> 00:38.850
So new user.

00:38.880 --> 00:40.230
I'm going to call it user one.

00:41.580 --> 00:42.660
And give it a password.

00:43.980 --> 00:47.020
Be anything you'd like, you have to give it an email or username.

00:47.040 --> 00:50.420
It's just easier to give it a username, otherwise get diminishing mouse as well.

00:50.430 --> 00:52.710
I'm just going to copy the name can be anything you like.

00:52.740 --> 00:54.000
Place a crate user.

00:54.090 --> 00:55.050
OK, very good.

00:55.060 --> 00:56.280
So use a one.

00:56.280 --> 00:57.120
It's never logged in.

00:58.050 --> 01:03.990
It's a viewer for the main dot org organization, which is just the default organization that was created

01:03.990 --> 01:05.430
when I installed Bafana.

01:05.460 --> 01:12.000
I can change the role to be either an editor or even an admin for Maine dot org, or I can make it a

01:12.000 --> 01:15.870
global profondeur admin so I can do absolutely everything, but I'm not going to do that.

01:16.500 --> 01:17.820
So it's just a viewer.

01:17.880 --> 01:22.410
OK, so that now means a user called user one with a password.

01:22.410 --> 01:24.210
Whatever I put there can log in.

01:24.300 --> 01:28.860
So on a different browser, I'm using Google Chrome here so that the cookies don't get shared between

01:28.860 --> 01:29.820
the Edge browser.

01:29.820 --> 01:34.770
Here I can log in as user one and enter my password, then log in.

01:35.630 --> 01:42.690
OK, it has read only access to each of the dashboard, so if I go to dashboards browse, I can look

01:42.690 --> 01:45.270
at all the different dashboards that are created.

01:45.270 --> 01:49.590
Each and every single one of them has viewer permissions for any user with a view or permission.

01:49.600 --> 01:53.460
So this user here, user one, is a viewer for my network.

01:53.550 --> 01:55.680
So this user can view the dashboards.

01:55.810 --> 02:00.630
OK, so looking at User 1's user interface user one, it's very restricted.

02:00.630 --> 02:05.880
Doesn't have as many options on the left there as dashboards browse, and it can see all the dashboards

02:05.880 --> 02:12.180
in the system because each of these dashboards has the viewer permission enabled for users with the

02:12.180 --> 02:12.840
viewer permission.

02:13.080 --> 02:15.460
So for example, folks, there we go.

02:15.480 --> 02:20.460
OK, so we can prevent users with the video permission from viewing this dashboard, for example.

02:20.580 --> 02:29.280
So going into my system, where on the admin by going to dashboards browse and I look for VAR locks,

02:30.090 --> 02:33.240
the I'm logged in as my admin user on the left.

02:33.240 --> 02:40.800
Here I can go to Dashboard Settings Permissions and if I look at the default permissions, these are

02:40.800 --> 02:47.760
the different roles that can view this VAR log dashboard so ED can edit, which is one of the roles

02:47.760 --> 02:48.960
and the viewer can view.

02:48.960 --> 02:53.400
So I can just say I don't want viewers to get a view this dashboard anymore so I can just delete it

02:53.400 --> 02:55.890
like that and then just press save, dashboard save.

02:56.010 --> 03:02.900
Now, going back to my user with the View Arrow, if I just refresh that, they can no longer see logs

03:02.920 --> 03:07.960
so they go to dashboards, browse VAR logs doesn't exist in their system.

03:07.980 --> 03:15.180
So when you create a dashboard in the system so dashboards browse any dashboard, say, for example,

03:15.180 --> 03:20.370
node exporter permissions, these are the default roles that are enabled.

03:20.370 --> 03:25.440
So be aware that if you're creating dashboards and you don't want people to see them by default, you

03:25.480 --> 03:27.450
have to manually remove those roles.

03:27.480 --> 03:30.810
So, for example, I'm going to remove the editor role and view a role.

03:31.470 --> 03:34.440
So only admin role now can see this dashboard.

03:34.440 --> 03:38.100
So I'll just save that going back to my other user.

03:38.100 --> 03:44.670
One Log in if I refresh this page, the node exporter dashboard is no longer there.

03:45.330 --> 03:47.400
OK, so dashboard time.

03:47.520 --> 03:56.800
OK, so if I had users and I'd given user one the editor role, so would be a very similar situation.

03:57.090 --> 03:58.020
Use one.

03:58.800 --> 04:06.360
Now, if it views any dashboard, not only can you view the dashboard, it can also edit the dashboard.

04:06.570 --> 04:09.360
So when you're the viewer, you don't get the added option.

04:09.370 --> 04:15.030
You don't get a lot of these other options as well, or even remove or just share that.

04:15.150 --> 04:24.030
So this change it back to a viewer say, OK, so back as my user, one user reload that if I look at

04:24.030 --> 04:27.960
these dropdown options, I want to view, share, inspect or more.

04:28.500 --> 04:29.310
OK, so they go.

04:29.340 --> 04:38.040
You can create many users so I can create another one user to use a two on that, and I can, of course,

04:38.040 --> 04:42.520
manage its details also in the configuration option here.

04:42.540 --> 04:49.320
We have users it's a reduced functionality list, but it only applies to users in the org that you're

04:49.350 --> 04:50.670
managing at the time.

04:50.670 --> 04:52.220
So I'm managing the mine dot org.

04:52.290 --> 04:57.990
In this case, I only have one set up in the system so far so I can see all those users and individually

04:57.990 --> 04:58.620
change them.

04:59.620 --> 05:02.740
Therefore, I wanted to make them both viewers.

05:03.020 --> 05:06.490
OK, so you can experiment with that quite different uses, if you like.

05:06.610 --> 05:10.780
OK, so there's another way of getting users into the system that's using the invite option here.

05:10.990 --> 05:17.440
So if you have some type set up correctly, you can send an email, for example, I'm going to add min

05:17.490 --> 05:19.480
plus test one.

05:19.780 --> 05:21.760
This be code dot it.

05:21.850 --> 05:24.580
I'm just creating a fake email address there.

05:24.730 --> 05:25.720
You should use your own.

05:25.750 --> 05:26.950
You only have one email address.

05:26.950 --> 05:29.860
You can put in a plus and then anything you'd like.

05:29.860 --> 05:34.810
And a lot of email providers will still accept that email, but you'll be a individually in your inbox.

05:34.840 --> 05:39.790
If you want to do something like that anyway, I'm going to just add this user using this invite user

05:39.790 --> 05:40.720
panel submit.

05:40.750 --> 05:47.860
OK, so if I go to pending invites now, there's a user waiting to respond in any way.

05:47.860 --> 05:54.760
If your email provider allows that email to be sent, then your user will have an invite in their inbox.

05:54.910 --> 05:57.520
Anyway, that's an option for you to invite users.

05:57.550 --> 06:02.860
Another way of getting users into the system is through changing some system settings.

06:03.220 --> 06:09.970
OK, so you now Crafar any we can set a property to a scroll to the bottom.

06:11.140 --> 06:12.670
For Allow sign up.

06:14.600 --> 06:22.520
So a microphone, a server, I'm going to edit the profanity so sedate, sycophantic or fan any insult

06:22.640 --> 06:25.340
if I just search for the words, sign up.

06:25.490 --> 06:29.930
I'm going to use Control W to do search their sign up.

06:30.260 --> 06:31.340
OK, so fanned it.

06:31.700 --> 06:32.750
Allow sign up.

06:32.990 --> 06:34.400
So remove that comment.

06:35.000 --> 06:39.500
Now control X to say yes and to restart.

06:40.280 --> 06:41.870
OK if on a server restart.

06:42.140 --> 06:48.230
Now, going back to my other log on where I got use the one, I'm just going to sign out there now at

06:48.230 --> 06:51.320
the bottom of the login page, there's now a sign up option.

06:51.440 --> 06:59.900
So you could give your co-founder address to some say had just go there and then sign up and they could

06:59.900 --> 07:01.550
then sign up, for example.

07:01.610 --> 07:04.180
This method is asking for a email address.

07:04.190 --> 07:08.270
You could say user three at example dot com.

07:09.860 --> 07:10.760
Submit.

07:11.390 --> 07:18.080
OK, and that user has now logged on, so use a three year example dot com and you can see all the dashboards

07:18.080 --> 07:20.690
with the viewer role enabled.

07:21.080 --> 07:27.090
OK, so far metrics, for example, but this viewer can't edit this dashboard and he has those options.

07:27.110 --> 07:29.150
I can't even resize or move things around.

07:29.360 --> 07:31.410
They have very reduced functionality.

07:31.430 --> 07:33.560
They can change their preferences, for example.

07:34.620 --> 07:36.720
There UI color.

07:37.890 --> 07:43.850
Or their default home page of their options of their time zone as they want anyway.

07:44.550 --> 07:51.330
We just saw sign that user out, OK, now there's also another way we can allow users to enter the system

07:51.330 --> 07:52.740
and that is anonymously.

07:52.860 --> 08:00.870
If I go back to the Gryphon in the 80s, sycophantic often any and I search for missing control w or

08:01.290 --> 08:04.890
dot anon, I get options for an anonymous user.

08:04.900 --> 08:06.440
So this comment it out.

08:06.450 --> 08:14.130
Let's enable it and make sure it stays true because by default we will say False Control X to save this

08:14.760 --> 08:15.780
and restart.

08:16.230 --> 08:21.750
Now, after about 10 seconds or so, if I have visit this URL again, just this big code dot net, it's

08:21.750 --> 08:28.440
logged me straight without actually giving me a login option so users can now browse any dashboard they

08:28.470 --> 08:35.730
like, for example, because all of these dashboards still are set as allowing the view a roll axis

08:36.060 --> 08:37.050
so very good.

08:37.890 --> 08:41.730
This is very similar to how often a play is set up.

08:44.500 --> 08:51.640
Except Refine a play also has the options to edit, but you can't save your changes on the final play,

08:51.670 --> 08:54.190
unlocking it edits a could on your own version.

08:54.200 --> 08:59.470
OK, so on this anonymous user, we're not actually logged in yet, but we could sign in if we wanted

08:59.470 --> 08:59.800
to.

09:01.150 --> 09:06.190
And sign up even taste that several different ways of managing users in Havana.