Skip to content

User right management

Authentification and authorization

User authentification

Every user can log in with his e-mail address and a corresponding password. The password is stored as a hash value.

The user password must meet the following criteria for security reasons:

  • Password length between 8 and 18 characters.
  • At least one capital letter.
  • At least one lowercase letter.
  • At least one number.
  • At least one special character.

Resetting the password is only possible by the user himself. After a failed login attempt, you can have your password reset. A link to a password reset in the web GUI will be sent to the user by e-mail.

To prevent brute force attacks, the GUI delays a next login attempt by 5 seconds after each failed login.

The backend side login service is limited to 10 calls per minute and IP address and the response time of the login is artificially increased.

User authorization

The following figure illustrates the structure of authorization management. Currently, roles can be assigned to users. In the future, it is planned to enable the creation of custome roles and assignment of groups.

Figure: authorization right management

The following table describes the roles and group assignment in detail:

Roles Scope Description Right-Groups
Server administrator Server Configure server instance settings and create or deactivate environments. Administrator
Environment administrator Environment Configure environment settings and user access. Environment Admin, Environment Viewer, User admin, User viewer, API token admin, API token viewer
User GUI access Environment Get GUI access for the specific environment. Environment Viewer, User and password settings
User API token management Environment Define and manage user specific API tokens for the specific environment. User API token management
CMDB viewer Environment Navigate, search and visualize configuration items and assets. CAMDB reader
CMDB writer Environment Save or update configuration items and assets via API. Depends on User API Token management. CAMDB writer
CMDB configurator Environment Configure the settings for configuration items and assets (entity, entity groups, importer). CAMDB configuration
CA viewer Environment View and analyse the cost allocation. CA reader
CA configurator Environment Create and configure price models for cost allocations. CA writer --> define price models
GC viewer Environment View and analyse the violations and notifications based on governance & compliance rules. GC reader
GC executor Environment Execute a verification process for a ruleset.
GC configurator Environment Create and configure rulesets for governance & compliance verification.
Table: roles and groups