GET STARTED FREE Login

Dashboard: Groups

Groups are an essential component of the access rights systems that is used in the Qrator Labs dashboard. To permit a user access to a certain dashboard section, it is necessary to add them to a group, for which the required policies are set. A user can be a part of multiple groups. Groups can also be related to one another in such a way that one group's policies are automatically added to another one.

Groups are managed in the Groups section of the dashboard.

Note

In the default configuration, this section of the personal dashboard is available only to users in the Access Manager group.

Warning

When configuring access right, make sure that at least one user is always able to edit settings in Users and Groups. If necessary, contact the Qrator Labs tech support team to restore the access.

Introduction

Terms

The system of access rights for the dashboard is based on the three terms.

  • User — a person (usually, an employee of of company that is a Qrator Labs client) that uses their own email address and password for logging into the dashboard. A company account may have multiple users configured. You can view and manage user accounts in the Users section. Any user can edit their own account in the My profile section.

  • Policy — a permission to access a certain dashboard section or resource. Some types of policies allow for more detailed configuration: for example, a right to add new resources does not automatically mean a right to delete them.

  • Group — a set of users, grouped in order to grant them common access rights to the dashboard. A group implements a many-to-many relationship between users and configured policies. It is also possible to include groups into one another.

Example

One possible approach to managing access rights is to create groups that correspond to different departments of the company: Tech support, Sales, etc. You can also create a separate group Senior tech support specialists and include it into Tech support to reuse the configured policies.

Policies

Access rights to the dashboard are granted by adding policies, whose names approximately match the names of the dashboard sections. For example, policies exist with names Prefixes Section, Finance Section, etc.

For some kinds of policies, an identifier is required of a specific resource to which the access will be granted. For example, when adding a Specific resource: Tunnels settings policy, a domain identifier is specified. Such a policy does not affect the access to other domains. If necessary, you can add multiple similar policies with different resource identifiers.

When adding any kind of policy, it is also specified which operations the group's users will be allowed to perform in the section. There are four types of operations: Create, Read, Update, Delete (some operations may be inapplicable to a policy). For example, if you add a Certificates Section policy and specify only the Read and Update operations, then the users of this group will be able to see and update existing SSL certificates but not add or delete them. The exact meaning of each operation may differ slightly from one section to another.

Default configuration

For all Qrator Labs clients, a default configuration is created with four groups, as shown in the table below. The user that is created by default belongs to all four groups, including the Access Manager group that allows them to create new users and add them to the existing or new groups.

Group

Access rights

Technical

View and edit settings in Domains (all subsections), Services (all subsections), Prefixes, Ingress, Certificate storage, WAF, Analytics, Tickets, API tokens.
View settings in Reports, Users, Groups.

Finance

View and edit settings in Finance, Company, Tickets.
View settings in Users, Groups.

Administrative

View and edit settings in Finance, Company, Tickets.
View settings in Domains (all subsections), Services (all subsections), Prefixes, Ingress, Certificate storage, WAF, Analytics, Reports, API tokens, Users, Groups.

Access Manager

View and edit settings in Users, Groups.

View list of groups

The Groups section of the personal dashboard shows a table of all groups for the current account. For each group, its Name, Number of policies, Number of users, and Number of groups are shown.

Next to the Name column header is a filter field you can use to quickly find groups with a certain substring in their names.

Add group

  1. In the Groups section of the dashboard, click the Add group button.

  2. In the dialog that appears, enter a name for the new group.

    Click Next.

  3. Select policies that will be set for the new group. This step can be skipped by clicking Next.

    To add each new policy:

    1. Click Add policy. A policy adding dialog should appear.
    2. Select a policy that you want to add to the group.
    3. Specify a resource identifier, if the policy requires it (see Policies).
    4. Check the checkboxes next to the names of operations that the users in the group should have.
    5. Click Save to finish configuring the new policy and close the dialog.

    After adding a policy, you can click , to go back to the dialog and edit the policy. To cancel adding the policy, click next to its name.

    To go to the next step, click Next.

  4. Select parent groups, from which the new group should inherit policies. This step can be skipped by clicking Next.

    To add a parent group, click Add group. In the dialog that apears, select one or more parent groups in the dropdown and click Save. To cancel adding a parent group, click next to its name.

    To go to the next step, click Next.

  5. Select users that should be included into the new group. This step can be skipped by clicking Create.

    To add a user, click Add users. In the dialog that apears, select one or more parent users in the dropdown and click Save. To cancel adding a user, click next to their name.

    To go to the next step, click Create.

Rename group

  1. In the Groups section of the dashboard, click on a group's name that you want to change.

  2. Next to the page title, click .

  3. In the dialog that appears, enter the new name and click Change.

  4. To save the changes, click Save in the notification at the bottom of the screen.

Add policy

  1. In the Groups section of the dashboard, click on a group's name.

  2. In the Policies block, click Add. A policy adding dialog should appear.

  3. Select a policy that you want to add to the group.

  4. Specify a resource identifier, if the policy requires it (see Policies).

  5. Check the checkboxes next to the names of operations that the users in the group should have.

  6. Click Save to finish configuring the new policy and close the dialog.

  7. To save the changes, click Save in the notification at the bottom of the screen.

Edit policy

  1. In the Groups section of the dashboard, click on a group's name.

  2. in the Policies block, click next to the name of the group you want to edit.

  3. In the dialog that appears, check or uncheck the checkboxes next to the Create, Read, Delete, Update operations.

  4. Click Save to finish configuring the new policy and close the dialog.

  5. To save the changes, click Save in the notification at the bottom of the screen.

Delete policy

  1. In the Groups section of the dashboard, click on a group's name.

  2. in the Policies block, click next to the name of the group you want to delete.

  3. Confirm the action by clicking Delete in the dialog that appears.

  4. To save the changes, click Save in the notification at the bottom of the screen.

Delete multiple policies

  1. In the Groups section of the dashboard, click on a group's name.

  2. Check off the boxes next to the necessary policies. Click the Delete button.

  3. Confirm the action by clicking Delete in the dialog that appears.

  4. To save the changes, click Save in the notification at the bottom of the screen.

Include a group into other groups

A group can be included into other groups. This means that all the policies configured for the group will also be configured for the other groups it is included into.

To include a group into other groups:

  1. In the Groups section of the dashboard, click on a child group's name.

  2. In the Included in groups block, click Add.

  3. In the dialog that apears, select one or more parent groups in the dropdown and click Save.

  4. To save the changes, click Save in the notification at the bottom of the screen.

Remove a group from other groups

  1. In the Groups section of the dashboard, click on a child group's name.

  2. In the Included in groups block, click next to a parent group.

  3. Confirm the action by clicking Delete in the dialog that appears.

  4. To save the changes, click Save in the notification at the bottom of the screen.

Add user to a group

  1. In the Groups section of the dashboard, click on a child group's name.

  2. In the Users block, click Add.

  3. In the dialog that apears, select one or more users in the dropdown and click Save.

  4. To save the changes, click Save in the notification at the bottom of the screen.

Delete a user from a group

  1. In the Groups section of the dashboard, click on a child group's name.

  2. In the Users block, click next to a user's name.

  3. Confirm the action by clicking Delete in the dialog that appears.

  4. To save the changes, click Save in the notification at the bottom of the screen.

Delete group

  1. In the Groups section of the dashboard, click on a child group's name.

  2. In the top right corner, click Delete group.

  3. Confirm the action by clicking Delete in the dialog that appears.

expand_less