Introduction

• JS7 - Identity Services implement Authentication Methods and access to Identity Providers, for example credentials such as user account/password are used as an Authentication Method to access an LDAP Directory Service acting as the Identity Provider, see JS7 - Identity and Access Management.
• Depending on the Identity Service Type in use the user accounts are managed and stored with the Identity Service or with JOC Cockpit, see JS7 - Identity Services.
• JOC Cockpit manages permissions and roles for any Identity Services and stores such information independently from the Identity Service.
• Find details from the following articles:
  • JS7 - Manage Roles and Permissions
  • JS7 - Manage User Accounts

Manage User Accounts, Roles and Permissions

After installing the JOC Cockpit a user can log in with the default root user account and root password that are available from the JS7 - JOC Identity Service.

• The JOC Identity Service is active and is the only Identity Service available by default.
• The JOC Identity Service includes the default root user account. Users are encouraged to change the password of the root user account after initial installation of JOC Cockpit.

To manage user accounts, roles and permissions from any JOC Cockpit page use the user menu in the right upper corner and select Manage Identity Services:

The Manage Identity Services page holds the list of the available Identity Services. By default the list is populated from the JS7 - JOC Identity Service. Users can add new Identity Services. From this page users can select an Identity Service to manage the user accounts associated with the Identity Service. Assume that the JOC Identity Service is selected by clicking the name JOC.

The JOC Identity Service page offers three sub-views: Roles, Accounts, Profiles. Selecting an Identity Service by default opens the Roles sub-view.

• Roles: Permissions can freely be grouped to roles. This includes to specify permissions for scheduling objects in JOC Cockpit and in Controllers.
• Accounts: Management of user accounts that are stored with the JS7 - Database.
• Profiles: Information about the date of last login by user accounts.

The Roles sub-view

The Roles sub-view allows to assign permissions for access to scheduling objects with JOC Cockpit and Controllers.

When the sub-view is opened after initial installation of JOC Cockpit then it is populated from default roles and permissions, see JS7 - Default Roles and Permissions. Users are free to modify, to add and to delete any roles. Please keep in mind that at least one role that includes administrative permissions to access all objects in JOC Cockpit and Controllers is required and has to be assigned an administrative user account. Should no administrative role be left then this corresponds to locking the door behind you and throwing away the keys. In this situation consider JS7 - Rescue in case of lost access to JOC Cockpit.

The Accounts sub-view

The Accounts sub-view is available when a user selects the Identity Service from the Identity Management Services page. The sub-view lists the user accounts that are configured along with their roles.

The Permissions sub-view

This view allows graphical navigation and selection of permissions:

Further Resources