Security
Security Menu
Users
The Users menu contains information about the people who can access Motadata. Every user needs a username and password combination to access Motadata. The user's profile and credentials are managed in the Users section. This section allows you to create and manage all users, i.e. local users, LDAP users and RADIUS users.
How does Motadata communicate with LDAP and RADIUS for authentication?
- Motadata syncs with the LDAP server and imports the list of new users. You’ll need to manually assign a password, department and role group to them.
- The RADIUS users should be present in Motadata. Motadata uses the username for RADIUS authentication.
Users List in Motadata
Username | The unique username is used to identify the user when he/she logs in. |
Departments | A department has a set of monitors. Assigning to a department means giving permission to access monitors of that department. |
Status | The status ‘Enable’ means the user is active. The status ‘Disable’ means the user is inactive and cannot log in. |
Role Group | A role group is a set of permissions for different menus and actions in Motadata. |
Email | The email address is used for communication by Motadata (e.g. password reset, notifications etc.) |
Description | The description helps people to understand the important details about the user. |
Options | You can edit or delete users. Click the edit icon to edit a user and the delete icon to delete a user. |
Create and Edit Users
The screen to create and edit users is exactly the same. Click on the +New button to create a new user. To edit an existing user, click on the edit button.
Create and Edit User Buttons
Create/Update User
Authentication Type | - Local Authentication: Motadata will evaluate the username and password when the user attempts to log in from the login screen. - RADIUS Authentication: Motadata will communicate with the RADIUS server to authenticate the user. |
First Name | Type the first name of the user |
Last Name | Type the last name or the family name of the user |
Username | The unique username is used to identify the user when he/she logs in. |
Email | The email address is used for communication by Motadata (e.g. password reset, notifications etc.) |
Password | Type a secure password. The password field is hidden for RADIUS authentication. |
Confirm Password | Type your password again. The field is hidden for RADIUS authentication. |
Departments | A department has a set of monitors. Assigning to a department means giving permission to access monitors of that department. |
Role Group | A role group is a set of permissions for different menus and actions in Motadata. |
Status | The status ‘Enable’ means the user is active. The status ‘Disable’ means the user is inactive and cannot log in. |
Description | The description helps people to understand the important details about the user. |
Delete Users
Click on the Delete icon on the users list page to delete the user. Deleting a user will also delete all the content and settings related to the user. Motadata gives a warning message while deleting the user.
Motadata’s Warning Message on Deleting a User
LDAP Servers
An LDAP server is a common place that contains user information for all people in the network. LDAP configuration in Motadata allows users of the LDAP server to access and manage the Motadata GUI portal. Motadata reads from the “motadata users” group in the LDAP server. Motadata syncs with the server every 24 hours to get an updated copy of the users.
Prerequisites
- The LDAP server should be up and running.
- The server should have a user group called “motadata users”.
- Motadata will fetch all the users from the defined group.
LDAP Servers in Motadata
Configure/Update LDAP Server: The screen to create and edit LDAP servers is exactly the same. Click on the +New button to configure a new LDAP server. To edit an existing server, click on the edit button. Once clicked, the following popup appears.
Enter the below details:
Parameter Name | Description |
---|---|
Name | Enter the name of the LDAP server. |
Host | Enter the host IP address. |
FQDN | Enter the FQDN address. |
Port | Enter the port number. For LDAP - 389 and for LDAPS 636. |
User Name | Enter the user name. |
Group name | Enter the group name whose users you want to sync. |
Password | Enter the password. |
Confirm Password | Confirm the above entered password. |
Protocol | Enable if you want to configure LDAPS server. If enabled, the 636 port must be enabled for LDAPS connection and a valid SSL certificate must be present and added to the JKS file. |
Test Connection | Click to test the connection with the LDAP or LDAPS server. |
Once done, click Create, and the configured LDAP server will appear on the list page. There you can initiate the sync process to sync the LDAP users with the NMS application.
Sync Now: Click on the sync now icon to sync the LDAP server and fetch the subscribers. By default Motadata fetches the information every 24 hours. Motadata locks the ‘first name’, ‘last name’, ‘username’ and ‘email address’ of the users. This means you cannot change this information.
User Created from LDAP
Edit LDAP User
When Motadata syncs with LDAP, LDAP provides only the username and password, as it doesn’t have the department. Based on the user’s role, a person will have to assign the department manually.
Delete: Click on the Delete icon to delete the LDAP server. Deleting the LDAP server will also delete all the content and settings related to the server. Motadata gives a warning message while deleting the server. When you delete the LDAP server configuration, Motadata also deletes the users of the LDAP server.
Delete Button and Warning
Departments
A department (as in an office) is a tag/group that helps classify monitors and users. It is also a security measure in Motadata. For example, the monitors under the department ‘Security’ are visible only to users of the same department. In the admin section, you only need to define the name and description of the departments. By default, the ‘Global’ department is available in Motadata. If you don’t assign a user or a monitor to any department, Motadata assigns the ‘Global’ department to it.
Departments List
To create a new department, click on the +New button. Enter the name of the department and write a short description of it.
Create New Department
Edit the department to change its name and description. Click on the edit icon to edit the department.
Edit icon in Department
Edit Department
To delete a department, click on the Delete icon.
Note that “Global” is the default department and you cannot delete it. When you delete a department, Motadata will also delete the users in that department if they are not assigned to any other department.
Delete Department and Warning
User Roles
User roles are another level of security in Motadata that manages the access rights of users. In Motadata, a role is a set of permissions that defines access and manage permissions for the menus. All users in Motadata require a role to perform create, read, update, and delete (CRUD) operations. The role group has the following benefits:
- You can assign a role to many users at a time. This means you don’t need to manage permissions of each user individually.
- You can change the permission in role group. The change will affect all the users in that group.
- You can assign one role to one user.
- You can choose to give Admin access to the users of a role. Note that users with Admin role will get complete access of Motadata.
- You can edit the users and assign them the roles created in this section.
- You can also give partial rights to a user for Admin Panel Access.
List of User Roles
Manage User Role
The screen to create and edit User Roles is exactly the same. Click on the +New button to create a new user role. To edit an existing user role, click on the edit button.
Create New User Role Screen
Role Group | Type the name of the role group. It is used to identify the role group. |
Admin Panel Access | Select ‘Yes’ or ‘No’ from the drop-down. When ‘Yes’ is selected, the users in this role group will see the admin menu (Not recommended). |
Description | Type the description of the role group. It helps people to understand what this role group is about. |
Menu Visibility | Select the menu(s) that should be visible to users of this role group. Note: Home screen is visible by default. |
Permissions | For each menu, select the permissions of ‘Create’ ‘Delete’ ‘Manage’ and ‘Update’. - Create: Allows users to create a new record - Delete: Allows users to delete unnecessary records - Manage: Allows users to perform various actions on the record - Update: Allows users to update the value of a record |
Delete User Role: Click on the delete icon to delete the user role. Motadata gives a warning message while deleting the role. Motadata will also delete the users in this role if they are not assigned to any other role.
Delete User Role and Warning
Data Security
Data security is the third and final step to complete the security configuration in Motadata. Now that you have created departments and user roles, you can map the monitors to the departments. This will do the following:
- The monitors in a department will be visible only to the users of same department.
- The user role will define what those users can do with assigned monitors.
- A monitor can have more than 1 department and vice versa.
- The same flow is available for sources of Flow/Log/Trap. We have used another tab just for the sake of convenience.
Data Security - Monitors in Departments
We have a specific method to assign and un-assign the department.
- Select the monitors from the list.
- Select the departments from the multi-selection list.
- Click on the “Assign” button.
Manage Data Security
Points to Remember
- You cannot un-assign an IP address from the Global department. The Global department is the default department that has rights to everything in Motadata. The Administrator account uses this department.
- To assign department(s), check the IP address and type the names of departments. Click assign.
- This process removes all existing departments associated with IP address and assigns new selected departments. To remove an IP address from all departments, select the IP address and click Reset.
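The rules above (every monitor stays in Global, Assign replaces the previous departments, Reset clears them, and the role group decides the permitted actions) can be checked with a small model. This is an added illustration, not Motadata's implementation; the class, the "Monitor" menu name, the role group names, the users and the IP address are constructed for the example.

```python
GLOBAL = "Global"  # default department named on the page

class DataSecurity:
    """Illustrative model of the department and role rules described above."""
    def __init__(self):
        self.monitors = {}  # monitor IP -> set of department names
        self.users = {}     # username -> (set of departments, role group)
        self.roles = {}     # role group -> {menu: set of permissions}

    def assign(self, ip, departments):
        # Assign replaces the existing departments; Global cannot be un-assigned.
        self.monitors[ip] = {GLOBAL} | set(departments)

    def reset(self, ip):
        # Reset removes the monitor from every department except Global.
        self.monitors[ip] = {GLOBAL}

    def add_user(self, name, role, departments=()):
        # A user created without a department is placed in Global.
        self.users[name] = (set(departments) or {GLOBAL}, role)

    def visible(self, name, ip):
        # A monitor is visible when user and monitor share a department.
        return bool(self.users[name][0] & self.monitors[ip])

    def allowed(self, name, menu, permission, ip):
        # Department membership gates visibility; the role gates the action.
        granted = self.roles.get(self.users[name][1], {}).get(menu, set())
        return self.visible(name, ip) and permission in granted

    def sees_everything(self):
        # Review aid: in this model, Global members can see every monitor.
        return sorted(n for n, (d, _) in self.users.items() if GLOBAL in d)

def sample():
    """Constructed sample data: one monitor, two role groups, three users."""
    ds = DataSecurity()
    ds.roles["Operators"] = {"Monitor": {"Manage", "Update"}}
    ds.roles["Viewers"] = {"Monitor": set()}
    ds.add_user("alice", "Operators", ["Security"])
    ds.add_user("bob", "Viewers", ["Network"])
    ds.add_user("carol", "Viewers")            # no department given -> Global
    ds.assign("192.0.2.10", ["Security"])
    return ds
```

Under these rules a user left without a department lands in Global and can see every monitor, so `sees_everything()` is the list to review after bulk user creation or an LDAP sync.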
RADIUS Settings
Similar to an LDAP server, a RADIUS server stores information about all the users in the network. The RADIUS server is used for real-time authentication, i.e. Motadata sends the user credentials to the RADIUS server for authentication every time. Motadata uses only the authentication service of RADIUS (and not the authorization service).
How to Use RADIUS Feature
- Set up the RADIUS Settings.
- Create a new user in ‘Users’ menu with RADIUS type authentication.
Create RADIUS Settings
Configure RADIUS Server
- Provide the RADIUS Server IP address.
- Provide the RADIUS Server port address.
- Provide the Server Secret (also known as password).
- Choose security type. Currently only PAP is available.
Create RADIUS User
- Go to Users menu.
- Create new user.
- Select authentication type as: RADIUS.
- Fill the required details.
Create RADIUS Users
Audit
Audit contains all the logs of activity in the Motadata Server. Motadata retains up to 1 lakh (100,000) audit logs. The most recent changes made in the Motadata Server appear on the initial pages; the logs are sorted by age. You can also export the audit logs by clicking the Export button in the top right corner. The logs are exported in Excel format.
Audit Log
You can also export the audit logs in PDF or CSV using the actions tab.
When you click on ‘Export PDF’ the report appears as below:
Search works only on the ‘Message’ column, i.e. only keywords present in the Message column are searched, not those in any other column.