User management in Imply UI

Managing permissions and roles

Every user within Imply can belong to one or more roles. A role is a collection of permissions that the user has access to. Some roles are created by default but the set of roles can be modified to fit specific use cases.

The roles can be managed from the settings view.

settings roles

You can edit an individual role and assign different permissions to it. It is not possible to edit the super-admin role which permits all actions.

settings role

Within a given role you can add and remove permissions that are granted to the users associated with that role. The permissions belonging to a given user is the superset of all the permissions from all the roles assigned to that user.

The possible permissions are:

Managing users

You can manage users in the Users tab in the settings.

settings users

Here you can create new users and edit and assign roles to existing users.

Using LDAP in Imply

Imply UI can be configured to use an LDAP server to authenticate users and to map the LDAP group assignment to the Imply roles.

The LDAP group assignment could be taken either from a key on the user's LDAP object (via rolesKey) or vis a separate LDAP group search

You can enable the LDAP connection by setting the following in the config:

# Setting verbose mode to true will log the user objects received from the LDAP server.
# This can be very helpful to tune properties like rolesKey (below)  
verbose: false

userMode: ldap-authentication

superAdminUser: 'james' # The username of a user that will always made super-admin, useful for bootstrapping. 
ldapOptions:
  url: 'ldap://ldap_host:389' # Your LDAP server
  bindDN: 'cn=admin,dc=imply,dc=io' # The admin bind dn
  bindCredentials: 'JonSn0w' # The password for the admin bind dn
  searchBase: "dc=imply,dc=io" # The search base where your users are located
  searchFilter: "(uid={{username}})" # The search filter that specifies hot to find a specific user  
  rolesKey: 'memberOf' # The key on the returned member object that represents group membership

For a separate group search use the following ldapOptions:

ldapOptions:
  url: 'ldap://ldap_host:389'
  bindDN: 'cn=admin,dc=imply,dc=io'
  bindCredentials: 'JonSn0w'
  searchBase: "dc=imply,dc=io"
  searchFilter: "(uid={{username}})"
  groupSearchBase: "ou=groups,dc=imply,dc=io"
  groupSearchFilter: "(member={{dn}})"
  groupSearchAttributes: ['dn']

For more info see the config-api documentation.

It is always a good idea to verify that your parameters are correct by running an ldapsearch like below (adjust variables as needed).

ldapsearch -x -h ldap_host -p 389 -b "dc=imply,dc=io" -D "cn=admin,dc=imply,dc=io" -w "JonSn0w" "(uid=some_username_that_exists)"

After you initially log in you can go and configure the Imply user roles.

settings-role

You can specify how the LDAP groups (the values of the rolesKey attribute in the returned user object) map to Imply user roles.
Set the External Role Name to the name of your LDAP group. If you are not sure what it is set verbose: true, restart the server and log in, you will see all the reported user groups.

Overview

Tutorial

Deploy

Manage Data

Query Data

Visualize

Configure

Special UI Features

Misc