.. _Managing Users:

Managing Users
--------------

During the management panel installation on the first node, |product_name| creates the default unique administrator account, superadmin. The user name for this account is ``admin`` and the password is specified during installation. This account cannot be deleted and its privileges cannot be changed. Other than that, superadmin does not differ from a user account assigned the **Administrator** role (i.e. an admin).

An admin can create user accounts and assign to them one or more roles listed below:

- **Administrator**, can fully manage cluster and users.
- **Network**, can modify network settings and roles.
- **Cluster**, can create cluster, join nodes to cluster, and manage (assign and release) disks.
- **ABGW**, can create and manage Acronis Backup Gateway instances.
- **iSCSI**, can create and manage iSCSI targets and LUNs.
- **NFS**, can create and manage NFS shares and exports.
- **S3**, can create and manage S3 cluster.
- **SSH**, can add and remove SSH keys for cluster nodes access.
- **Updates**, can install |product_name| updates.

User accounts to which no roles are assigned are guest accounts. Guests can monitor |product_name| performance and parameters but cannot change any settings.

.. note:: All users can change their own passwords (see :ref:`Managing User Accounts`).

.. _Creating User Accounts:

Creating User Accounts
~~~~~~~~~~~~~~~~~~~~~~

To create a user account in the web-based user interface, do the following:

#. Log in to the management panel as admin.

#. Open the **SETTINGS** > **Users** screen and click **ADD USER**.

#. On the **Add user** panel, specify the user name, password, and, if required, a user description in the corresponding fields.

   .. image:: /images/stor_image1_1.png
      :align: center
      :class: align-center

#. Check the roles to assign to the account and click **Done**.

.. _Managing User Accounts:

Managing User Accounts
~~~~~~~~~~~~~~~~~~~~~~

Any user can change their account password by clicking the user icon in the top right corner of the management panel and then clicking **Change password**.

An admin can create/delete other users' accounts, add/remove roles from them, change their descriptions and passwords (although superadmin's password can only be changed by superadmin), as well as enable/disable user accounts (i.e. allow/prohibit user login). To manage a user account, login as an admin, open the **Settings** -> **Users** screen, select a user from the list, and click **Configure** or **Delete** depending on what you need to do.

.. image:: /images/stor_image1_2.png
   :align: center
   :class: align-center

.. _Adding LDAP or Active Directory Users:

Adding LDAP or Active Directory Users
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

You can add users and user groups to |product_name| from an external LDAP-compliant database or Microsoft Active Directory. These users will be able to log in using their respective user names and passwords. The set of actions these users will be able to perform in |product_name| will be defined by the roles you assign in Storage (listed in :ref:`Managing Users`).

To add an LDAP (or AD) user or group to |product_name|, do the following:

#. On the **SETTINGS** > **Advanced settings** screen, open the **LDAP/AD** tab.

   .. image:: /images/stor_image1_8.png
      :align: center
      :class: align-center

#. Select ``LDAP`` or ``Microsoft Active Directory`` from the **Type** drop-down list.

#. Specify the following parameters:

   - IP **Address** of an LDAP server or AD domain controller;
   - (optional) LDAP **Port**;
   - **Bind DN** (a distinguished name of an LDAP authentication database user) or **Login** (AD);
   - **Bind Password** (LDAP) or **Password** (AD);
   - **Search Base DN**, a distinguished name of a search starting point;
   - (optional) **Advanced** LDAP or AD parameters.

#. Click **Save** to authenticate in Active Directory or LDAP server.

#. On the **SETTINGS** > **Users** screen, click **ADD LDAP USER**.

#. On the **Add LDAP users** panel, select users or user groups to add to |product_name| and click **Add**.

   .. image:: /images/stor_image1_9.png
      :align: center
      :class: align-center

#. On the **Roles** panel, select the roles to assign to selected users or user groups. 

   .. note:: If a role is assigned to a group, every user in it is granted the corresponding privileges.

   .. image:: /images/stor_image1_10.png
      :align: center
      :class: align-center

#. Click **Add** to add users to |product_name|.

   .. image:: /images/stor_image1_11.png
      :align: center
      :class: align-center