Alert Users and Roles 6.2

Owned by Ray O'Meara (Unlicensed)
Oct 31, 2020
3 min read

Alert users

As of Alert 5.2.0, there are three default users in Alert.

  • sysadmin - full administrative access to Alert

  • jobmanager - full access to distribution jobs and read access to the Audit page, and Scheduling page, and read access to provider and channel global configuration.

  • alertuser - read-only access to distribution jobs to view the configuration.

In Alert 5.3.0 and later, users are created and controlled using the User Management feature, and on the Authentication page, you configure LDAP and SAML authentication. If you are using LDAP authentication, you can manage users in your LDAP authentication system. If you are using SAML authentication, you can manage users in your SAML authentication system. The existing user roles in Alert are pre-defined. You can create custom user roles in Alert 5.3.0. Only an administrator can manage and assign roles to users that are managed by external systems such as LDAP or SAML.

Alert roles

By default, the following roles are the three possible user roles in Alert, and in Alert version 5.3.0 and later, you can create custom user roles in the User Management interface.

  • ALERT_ADMIN

  • ALERT_JOB_MANAGER

  • ALERT_USER

Role descriptions

  • ALERT_ADMIN: This role has full user privileges, and allows full access to all of Alert's configuration. The system administrator (sysadmin) default user has this role. Note that this role cannot be changed.

  • ALERT_JOB_MANAGER: This role allows a user to read the provider and channel global configuration, and includes the ability to test the configuration. The user has read-only access to scheduling. The user cannot view or change the system settings as it is removed from their navigation panel on the left side of Alert. This user has full access to distribution jobs and read access to the Audit page and Scheduling page.

  • ALERT_USER: This role is the most restrictive. The user cannot view or read data for providers, the global channel settings, scheduling, or system settings. These items are removed from the left side navigation panel. The user has read-only access to distribution jobs to view the configuration.

If you are not configuring LDAP or SAML settings for a user, then the only user available is the sysadmin default user which has the ALERT_ADMIN role.

If you configure LDAP or SAML, then you can assign additional roles, which are described as follows.

Error messages

If you have insufficient permissions to take any action in the user interface, you might see a 403 error message, for example, ‘you are not permitted to view its information’ or 'you are not permitted to perform this action'.

LDAP groups and roles

The administrator of the LDAP server creates groups named as follows to assign the ALERT_ADMIN, ALERT_JOB_MANAGER, or ALERT_USER roles. When these groups are created, the administrator assigns users to those groups.

To assign these roles to users in LDAP, create the following groups.

  • ROLE_ALERT_ADMIN: Users assigned to this group have the ALERT_ADMIN role.

  • ROLE_ALERT_JOB_MANAGER: Users assigned to this group have the ALERT_JOB_MANAGER role.

  • ROLE_ALERT_USER: Users assigned to this group have the ALERT_USER role.

SAML groups and roles

For SAML, you must add an attribute to your application to define the roles. Therefore you may need to create a different application per role to restrict access to Alert.

For SAML, the administrator sets an application attribute called AlertRoles, and assigns ROLE_ALERT_ADMIN, ROLE_ALERT_JOB_MANAGER, or ROLE_ALERT_USER to the attribute to assign the appropriate roles for the application. For each role, the administrator should create a separate application with the AlertRoles attribute set with the corresponding role. Then assign the application to the users requiring that level of access to Alert.

©2018 Synopsys, Inc. All Rights Reserved