Account & Permissions

Learn how to manage user accounts, permissions, and security settings in ElasticView.

User Account Management

Account Types

ElasticView supports different types of user accounts:

• Administrator: Full system access and configuration
• Editor: Content management and plugin configuration
• Viewer: Read-only access to data and dashboards
• Custom: User-defined permission sets

Creating User Accounts

Basic User Creation

1. Navigate to User Management

   • Go to "System Settings" → "User Management"
   • Click "Add New User"

2. Enter User Information

   username: "john.doe"
   email: "john.doe@example.com"
   full_name: "John Doe"
   department: "IT Operations"

3. Set Authentication

   • Generate secure password
   • Configure password requirements
   • Set up two-factor authentication (optional)

4. Assign Permissions

   • Select user role
   • Configure specific permissions
   • Set access restrictions

Bulk User Import

Import multiple users from CSV:

username,email,full_name,role,department
alice.smith,alice@example.com,Alice Smith,editor,Marketing
bob.jones,bob@example.com,Bob Jones,viewer,Sales

User Profile Management

Profile Information

Users can update their profiles:

• Personal Information: Name, email, phone
• Preferences: Language, timezone, theme
• Avatar: Profile picture upload
• Contact Details: Emergency contact information

Password Management

Password Requirements

• Minimum 8 characters
• At least one uppercase letter
• At least one lowercase letter
• At least one number
• At least one special character

Password Reset

1. Self-Service Reset

   • Click "Forgot Password" on login
   • Enter email address
   • Follow reset link in email

2. Admin Reset

   • Navigate to user management
   • Select user account
   • Click "Reset Password"

Two-Factor Authentication

Setup 2FA

1. Enable in Profile Settings

   • Go to "Account Settings" → "Security"
   • Click "Enable 2FA"

2. Configure Authenticator

   • Scan QR code with authenticator app
   • Enter verification code
   • Save backup codes

3. Verify Setup

   • Log out and log back in
   • Enter 2FA code when prompted

Permission System

Role-Based Access Control (RBAC)

Predefined Roles

Administrator

• Full system configuration
• User management
• Plugin installation and configuration
• System monitoring and logs
• Security settings

Editor

• Data source configuration
• Plugin management (install/configure)
• User data access
• Dashboard creation
• Report generation

Viewer

• Read-only data access
• Dashboard viewing
• Report viewing
• Basic search functionality
• Profile management only

Custom Roles

Create custom roles with specific permissions:

role_name: "Data Analyst"
permissions:
  data_sources:
    - read
    - query
  dashboards:
    - read
    - create
    - edit
  plugins:
    - read
  users:
    - read_own_profile

Permission Categories

System Permissions

• System Configuration: Modify system settings
• User Management: Create, edit, delete users
• Role Management: Create and modify roles
• System Monitoring: Access logs and metrics
• Backup/Restore: System backup operations

Data Permissions

• Data Source Access: Connect to data sources
• Query Execution: Run queries against data
• Data Export: Export data to files
• Schema Modification: Modify data structures
• Data Import: Import data from external sources

Plugin Permissions

• Plugin Installation: Install new plugins
• Plugin Configuration: Configure plugin settings
• Plugin Management: Enable/disable plugins
• Plugin Development: Upload custom plugins
• Plugin Marketplace: Access to plugin store

Interface Permissions

• Dashboard Creation: Create new dashboards
• Dashboard Editing: Modify existing dashboards
• Report Generation: Create and schedule reports
• Alert Configuration: Set up monitoring alerts
• Theme Customization: Modify interface themes

Permission Inheritance

Group-Based Permissions

Users inherit permissions from groups:

groups:
  - name: "IT_Operations"
    permissions:
      - system_admin
      - data_full_access
      - plugin_management
    
  - name: "Business_Users"
    permissions:
      - data_read_only
      - dashboard_view
      - report_view

Hierarchical Permissions

Permissions can be hierarchical:

• Department Level: Permissions for entire department
• Team Level: Permissions for specific teams
• Individual Level: User-specific permissions

Security Features

Authentication Methods

Local Authentication

• Username and password
• Password complexity requirements
• Account lockout policies
• Session management

LDAP/Active Directory

ldap:
  server: "ldap://company.com:389"
  base_dn: "dc=company,dc=com"
  user_dn: "cn=users,dc=company,dc=com"
  group_dn: "cn=groups,dc=company,dc=com"
  username_attribute: "sAMAccountName"
  email_attribute: "mail"

OAuth/SAML Integration

• Google OAuth
• Microsoft Azure AD
• SAML 2.0 providers
• Custom OAuth providers

Enterprise Authentication

enterprise_auth:
  wechat_work:
    enabled: true
    corp_id: "your_corp_id"
    agent_id: "your_agent_id"
    secret: "your_secret"

Session Security

Session Configuration

session:
  timeout: "8h"          # Session timeout
  max_concurrent: 3      # Max concurrent sessions
  secure_cookies: true   # HTTPS only cookies
  http_only: true        # Prevent XSS
  same_site: "strict"    # CSRF protection

Session Monitoring

• Active session tracking
• Unusual login detection
• Geographic login alerts
• Device fingerprinting

Access Control

IP-Based Restrictions

access_control:
  allowed_ips:
    - "192.168.1.0/24"
    - "10.0.0.0/8"
  blocked_ips:
    - "192.168.1.100"
  
  geo_restrictions:
    allowed_countries: ["US", "CA", "GB"]
    blocked_countries: ["CN", "RU"]

Time-Based Access

time_restrictions:
  business_hours:
    enabled: true
    start_time: "08:00"
    end_time: "18:00"
    timezone: "America/New_York"
    days: ["monday", "tuesday", "wednesday", "thursday", "friday"]

Audit and Compliance

Activity Logging

User Activity Tracking

• Login/logout events
• Permission changes
• Data access logs
• Configuration modifications
• Failed authentication attempts

Audit Log Format

{
  "timestamp": "2023-12-01T10:30:00Z",
  "user_id": "john.doe",
  "action": "data_source_created",
  "resource": "mysql_production",
  "ip_address": "192.168.1.100",
  "user_agent": "Mozilla/5.0...",
  "result": "success"
}

Compliance Features

Data Privacy

• Personal data identification
• Data anonymization tools
• Right to be forgotten compliance
• Data export for users

Regulatory Compliance

• GDPR: European data protection
• HIPAA: Healthcare data security
• SOX: Financial reporting controls
• PCI DSS: Payment card security

Security Monitoring

Threat Detection

• Brute force attack detection
• Unusual access pattern alerts
• Privilege escalation monitoring
• Data exfiltration detection

Security Alerts

security_alerts:
  failed_login_threshold: 5
  unusual_location_alert: true
  privilege_change_alert: true
  data_export_alert: true
  
  notification_channels:
    - email: "security@company.com"
    - slack: "#security-alerts"
    - webhook: "https://siem.company.com/webhook"

Best Practices

Account Security

Password Policies

• Enforce strong passwords
• Regular password rotation
• Prevent password reuse
• Account lockout after failed attempts

Access Reviews

• Regular permission audits
• Quarterly access reviews
• Automated deprovisioning
• Role-based access validation

User Management

Onboarding Process

1. Create account with minimal permissions
2. Assign to appropriate groups
3. Provide security training
4. Enable 2FA
5. Monitor initial activity

Offboarding Process

1. Disable account immediately
2. Revoke all permissions
3. Archive user data
4. Update shared resources
5. Document access removal

Monitoring and Alerting

Key Metrics

• Failed login attempts
• Privilege escalations
• Unusual data access
• Off-hours activity
• Geographic anomalies

Alert Configuration

• Real-time security alerts
• Daily activity summaries
• Weekly access reports
• Monthly compliance reports

Troubleshooting

Common Issues

Login Problems

• Check username/password
• Verify account status
• Check IP restrictions
• Validate 2FA setup

Permission Issues

• Verify role assignments
• Check group memberships
• Review permission inheritance
• Test with minimal permissions

Authentication Failures

• LDAP connection issues
• OAuth configuration problems
• Certificate validation errors
• Network connectivity problems

Getting Help

• Documentation: Security guide
• Support: Technical assistance
• Training: Security workshops
• Community: User forums

Next Steps

• Data Source Configuration - Connect your data securely
• Plugin Management - Manage plugin permissions
• System Configuration - Advanced security settings
• User Interface Guide - Navigate the system