9.1. Security

Security Settings

Security Menu

9.1.1. Users

The Users menu lists the people who can access Motadata. Every user needs a username and password to access Motadata. User profiles and credentials are managed in this section, which lets you create and manage all users: local users, LDAP users and RADIUS users.

How does Motadata communicate with LDAP and RADIUS for authentication?

  • Motadata syncs with the LDAP server and imports the list of new users. You’ll need to manually assign a password, department and role group to them.
  • RADIUS users must be present in Motadata. Motadata uses the username for RADIUS authentication.

Users List in Motadata

Username: The unique username identifies the user when he/she logs in.
Departments: A department has a set of monitors. Assigning a user to a department gives permission to access the monitors of that department.
Status: The status ‘Enable’ means the user is active. The status ‘Disable’ means the user is inactive and cannot log in.
Role Group: A role group is a set of permissions for different menus and actions in Motadata.
E-Mail: The email address is used for communication by Motadata (e.g. password reset, notifications etc.).
Description: The description helps people understand the important details about the user.
Options: You can edit or delete the user. Click on the edit icon to edit and on the delete icon to delete the user.

9.1.2. Create and Edit Users

The screens to create and edit users are exactly the same. Click on the +New button to create a new user. To edit an existing user, click on the edit button.

manage users

Create and Edit User Buttons

create new user

Create/Update User

Authentication Type:
  • Local Authentication: Motadata evaluates the username and password when the user attempts to log in from the login screen.
  • RADIUS Authentication: Motadata communicates with the RADIUS server to authenticate the user.
First Name: Type the first name of the user.
Last Name: Type the last name or family name of the user.
Username: The unique username identifies the user when he/she logs in.
E-mail: The email address is used for communication by Motadata (e.g. password reset, notifications etc.).
Password: Type a secure password. The password field is hidden for RADIUS authentication.
Confirm Password: Type your password again. The field is hidden for RADIUS authentication.
Departments: A department has a set of monitors. Assigning a user to a department gives permission to access the monitors of that department.
Role Group: A role group is a set of permissions for different menus and actions in Motadata.
Status: The status ‘Enable’ means the user is active. The status ‘Disable’ means the user is inactive and cannot log in.
Description: The description helps people understand the important details about the user.

9.1.3. Delete Users

Click on the delete icon on the users list page to delete the user. Deleting a user also deletes all the content and settings related to the user. Motadata shows a warning message when you delete a user.

Delete users

Motadata’s Warning Message on Deleting a User

9.1.4. LDAP Servers

An LDAP server is a common place that contains the user information of all people in the network. LDAP configuration in Motadata allows users of the LDAP server to access and manage the Motadata GUI portal. Motadata reads from the “motadata users” group on the LDAP server. Motadata syncs with the server every 24 hours to get an updated copy of the users.

Prerequisites

  • The LDAP server should be up and running.
  • The server should have a user group called “motadata users”.
  • Motadata will fetch all the users from the defined group.

LDAP Servers in Motadata

Configure/Update LDAP Server: The screens to create and edit LDAP servers are exactly the same. Click on the +New button to configure a new LDAP server. To edit an existing server, click on the edit button.

ldap server configuration

Create/Update LDAP Server

Sync Now: Click on the icon to sync the LDAP server and fetch the subscribers. By default, Motadata fetches the information every 24 hours. Motadata locks the ‘first name’, ‘last name’, ‘username’ and ‘email address’ of the users. This means you cannot change this information.

New User Created from LDAP

User Created from LDAP

Edit LDAP User

Delete: Click on the icon to delete the LDAP server. Deleting the LDAP server also deletes all the content and settings related to the server. Motadata shows a warning message when you delete the server. When you delete the LDAP server configuration, Motadata also deletes the users of that LDAP server.

Delete LDAP Server

Delete Button and Warning

9.1.5. Departments

A department (as in an office) is a tag/group that helps classify monitors and users. It is also a security measure in Motadata. For example, the monitors under the department ‘Security’ are visible only to users of the same department. In the admin section, you only need to define the name and description of each department. By default, the ‘Global’ department is available in Motadata. If you don’t assign a user or a monitor to any department, Motadata assigns the ‘Global’ department to it.

Departments List

To create a new department, click on the +New button. Enter the name of the department and write a short description of it.

Create New Department

Edit the department to change its name and description. Click on the edit icon to edit the department.

Edit icon

Edit icon in Department

edit department

Edit Department

To delete a department, click on the icon. Note that “Global” is the default department and you cannot delete it. Motadata will also delete the users in this department if they are not assigned to any other department.

Delete department

Delete Department and Warning

9.1.6. User Roles

User roles are another level of security in Motadata that manages the access rights of the users. In Motadata, a role is a set of permissions that defines who can access and manage the menus. Every user in Motadata requires a role to perform create, read, update, and delete (CRUD) operations. A role group has the following benefits:

  • You can assign a role to many users at a time. This means you don’t need to manage permissions of each user individually.
  • You can change the permission in role group. The change will affect all the users in that group.
  • You can assign multiple roles to one user.
  • You can choose to give Admin access to the users of a role. Note that users with the Admin role get complete access to Motadata.
  • You can edit the users and assign them the roles created in this section.

List of User Roles

Manage User Role

The screens to create and edit user roles are exactly the same. Click on the +New button to create a new user role. To edit an existing user role, click on the edit button.

Create New User Roles

Create New User Role Screen

Role Group: Type the name of the role group. It is used to identify the role group.
Admin Panel Access: Select ‘Yes’ or ‘No’ from the drop-down. When ‘Yes’ is selected, the users in this role group will see the admin menu (not recommended).
Description: Type a description of the role group. It helps people understand what this role group is about.
Menu Visibility: Select the menu(s) that should be visible to users of this role group. Note: The Home screen is visible by default.
Permissions: For each menu, select the permissions ‘Create’, ‘Delete’, ‘Manage’ and ‘Update’.

  • Create: Allows users to create new record
  • Delete: Allows users to delete the unnecessary records
  • Manage: Allows users to perform various actions on the record
  • Update: Allows users to update the value of record

Delete User Role: Click on the icon to delete the user role. Motadata gives a warning message while deleting the role. Motadata will also delete the users in this role if they are not assigned to any other role.

Delete User Role

Delete User Role and Warning

9.1.7. Data Security

Data security is the third and final step in completing the security configuration in Motadata. Now that you have created departments and user roles, you can map the monitors to the departments. This does the following:

  • The monitors in a department are visible only to the users of the same department.
  • The user role defines what those users can do with the assigned monitors.
  • A monitor can have more than 1 department and vice versa.
  • The same flow is available for sources of Flow/Log/Trap. We have used another tab just for the sake of convenience.
Data Security - IP Addresses in Departments

Data Security - Monitors in Departments

We have a specific method to assign and un-assign the department.

  1. Select the monitors from the list.
  2. Select the departments from the multi-selection list.
  3. Click on the “Assign” button.

Manage Data Security

Points to Remember

  • You cannot un-assign an IP address from the Global department. The Global department is the default department and has rights to everything in Motadata. The Administrator account uses this department.
  • To assign department(s), check the IP address and type the names of the departments. Click Assign.
  • This process removes all existing departments associated with the IP address and assigns the newly selected departments. To remove an IP address from all departments, select the IP address and click Reset.

9.1.8. RADIUS Settings

Similar to an LDAP server, a RADIUS server stores information about all the users in the network. The RADIUS server is used for real-time authentication, i.e. Motadata sends the user credentials to the RADIUS server for authentication every time. Motadata uses only the authentication service of RADIUS (and not the authorization service).

How to Use RADIUS Feature

  • Set up the RADIUS Settings.
  • Create a new user in ‘Users’ menu with RADIUS type authentication.

Create RADIUS Settings

Configure RADIUS

Configure RADIUS Server

  • Provide the RADIUS Server IP address.
  • Provide the RADIUS Server port.
  • Provide the Server Secret (also known as password).
  • Choose security type. Currently only PAP is available.

Create RADIUS User

  • Go to Users menu.
  • Create new user.
  • Select authentication type as: RADIUS.
  • Fill the required details.

Create RADIUS Users

9.1.9. Audit

Audit contains all the logs of activity on the Motadata Server. Motadata retains up to 1 Lakh audit logs. The most recent changes made on the Motadata Server show up on the initial pages; the logs are sorted by age. You can also export the audit logs by clicking the Export button in the top right corner. The logs are exported in Excel format.

Audit Log