User Management
Use the User Management page to create users and groups and to define roles and permissions. To reduce the effort and complexity involved in configuring roles for individual users in BVD, permissions are granted only through roles.
You can specify roles either by assigning them to a group (so that all members of the group are assigned the same roles) or by assigning roles to a user directly. The user and group configuration depends on the functions the user or group of users fulfill, as well as the tasks that they perform.
For a suggested workflow and overview of the steps involved in setting up users, groups, and roles, see Best Practices.
For a step-by-step description of the tasks you can perform through user management, see Tasks.

Administration > User Management
Learn More

Below is a set of planning best-practices and a suggested workflow for setting up user management in BVD:
-
Before you configure users, groups, and roles, you should map out the required roles and their relevant permissions, as well as the users and groups you intend to assign the roles to. For example, enter the following information in an Excel sheet:
-
A list of users who are to access BVD, edit, and create dashboards. Gather appropriate user details such as user names, logins, and initial passwords. Although not needed to define users, at this stage it might be useful to also collect user contact information such as email addresses.
-
If multiple users require similar permissions, create a list of groups, and the users that should belong to each group.
-
The appropriate permissions for each role. To aid in this process, review the Permissions Reference section to learn about dashboard categories and resources for which permissions can be granted. For details, see Permissions Reference.
-
Create roles and assign relevant permissions.
For step-by-step instructions on how to create and configure a role, see How to Create Roles.
-
Create groups and grant them the appropriate roles.
For step-by-step instructions on how to create a group, see How to Create Groups.
-
Create users, grant them the appropriate roles and place them in the appropriate groups.
For step-by-step instructions on how to create a user, see How to Create Users.

BVD enables you to fine-tune permissions management by applying permissions within roles. Permissions enable you to restrict the scope of a role. You can assign roles to users and groups enabling access to specific areas of BVD.
Permissions consist of resources, for example, Dashboards, to which operations, for example View, are applied.
-
When the View operation is one of the resource's available operations and you select one of the other available operations, the View operation is also automatically selected.
-
The Full Control operation automatically includes all operations available on the resource. When applied, the other operations are automatically selected.
For a list of available resources and descriptions of operations in BVD, see Permissions Reference.

For dashboard templates, you can either assign View or Full Control permission for the template itself, or assign permissions only for specific instances.
This depends on the categories you assign to the template and each instance.
If you grant a user or group Full Control or View permission for a category assigned to the template, the user or group will have these permissions also for every instance of the template.
If you grant a user or group Full Control or View permission for a category assigned to an instance, the user will have these permissions only for that instance.
For information on how to set permissions, see How to Set Permissions.

-
Groups. Groups make managing roles more efficient; instead of assigning roles to each user one at a time, you can group users who are assigned the same roles into a single unit.
-
User Types. BVD supports different user types:
Users with the appropriate dashboard permissions can view, edit, or create dashboards and instances. They can download tools and samples to aid in the development of dashboards and the integration of data. Users with edit permissions can view the
Error Notifications icon on the menu bar. This icon is useful when binding dashboards to data sources. Clicking the icon displays the error list.
Administrator users (users with super-admin permissions) have the following capabilities:
-
Full control and view on all dashboards.
-
Manage users, groups, and roles, including the creation and deletion of dashboard categories.
-
Apply custom style sheets and reset API keys in the BVD system settings.
-

One built-in super-admin user is defined for every installation of BVD. The login and the password for this account are specified during the BVD configuration.
The built-in super-admin is not listed among the users in user management. If you have logged in as the super-admin, you can change the user's information, including password and contact information in the My Account page in the Personal User Settings menu.
You can apply Super-Admin permissions to other users in the system. These super-admin users can be modified in user management. For information on how to grant super-admin status to a user, see How to Create Users.
Note: Super-admins have all permissions assigned and are the only user type that can work with user management and system settings.

To obtain more user management capabilities and security, we recommend using external LDAP user management. You can apply the LDAP User type when creating or editing users to manually configure them as LDAP users. LDAP users will be authenticated against the chosen LDAP server. For information on how to configure BVD to work with LDAP, see LDAP Authentication and Mappings.
Tasks

-
Click Create New User on the user management screen.
Alternatively, access the Manage Users pane and select New User.
-
In the Properties section, enter the required user name, login, password, and optional email.
- Optional. If LDAP is enabled, you can select the LDAP User check box to mark the user as a manually-created LDAP user. For information on LDAP, see LDAP Authentication and Mappings.
-
Select the groups the user will be a member of.
-
Assign roles or (optional) set the user as a Super-admin with all permissions assigned. When finished, click Create User. For information on the Super-admin user type, see Super-Admin User.
The user's basic information, as well as groups they belong to and roles assigned and inherited from groups, now appears on the right of the Manage Users pane when selecting the user.
To delete existing users, select Manage Users, select one or more users you want to delete, and click the Delete User or Users button.
Tip: In the Manage Users pane ( Administration > User Management), you can click the Deactivate button to apply the Inactive User flag to users who are set to be temporarily inactive, for example, while the administrator is setting up roles and groups or if the user is on vacation or leave. Inactive users cannot log on to BVD.

-
Click Create New Group on the user management screen.
Alternatively, access the Manage Groups pane and select New Group.
-
In the Properties section, enter the required group name and optional description.
-
Optional. If LDAP is enabled, you can search for and select the LDAP groups that are mapped to the BVD group. For information on LDAP, see LDAP Authentication and Mappings.
-
Add group members and assign roles in the relevant sections of the group editor. When finished, select Create Group.
Tip: You can select multiple users to add to the group by clicking the ... button next to the Add user... field. The Select Users editor opens. Select a single user, and then hold down the Ctrl key while you click other users that you want to select.
When working with BVD on a mobile device, make sure to click a user twice to select it.
The group's basic information, including roles assigned, now appears on the right of the Manage Groups pane when selecting the group. You can also navigate between groups in the group's information pane.
To delete existing groups go to the Manage Groups pane, select one or more groups you want to delete, and click the Delete Group or Groups button.

-
Click Create New Role on the user management screen.
Alternatively, access the Manage Roles pane and select New Role.
-
In the Properties section, enter the required role name and optional description.
-
In Permissions, you can select the relevant category and set the appropriate permissions by checking the related boxes, or use the drop-down menus on each permission summary.
For a list of permissions and related descriptions see Permissions Reference.
For a detailed task on setting permissions, see How to Set Permissions.
If you have already created users or groups, you can assign them during role creation or editing. When finished, select Create Role.
To delete existing roles, select Manage Roles, select one or more roles you want to delete, and click the Delete Role or Roles button.
Note: When there are more than 1000 users in the system, the user search box is no longer displayed. Click the ... button to access the user list and search filter dialog box.

In this task, you set or modify the permissions in BVD roles. Users require permissions to view, edit, or create BVD dashboards, templates, and instances.
-
In the User Management page or in the Manage Roles page, create or edit the role you want to configure.
-
Scroll to the permissions section in the Create Role or Edit Role page.
-
Expand Dashboards > Categories and assign an operation to one or more dashboard categories:
-
All. To grant permissions to all dashboards and instances regardless of the category, click View or Full Control for All.
-
Assigned to category. To grant permissions to all dashboards and instances with any category, click View or Full Control for Assigned to category.
Alternatively, to grant access to individual dashboard categories, select the appropriate category.
-
Not assigned to category. To grant permissions to all dashboards and instances without a category, click View or Full Control for Not assigned to category.
-
-
Click Manage Categories to add new categories to the permissions list. You can also delete categories from the list if they are no longer needed.
Note: Changes to a user account are only fully available after the user whose account was changed logs in again to BVD.
Permissions Reference

Categories | All |
Grants view or full control permission for all dashboards (with or without categories assigned). Full control on All grants the following additional permissions:
|
|
Assigned to category <category> Not assigned to category |
View |
Grants permission to:
|
|
Full Control |
|