By default, access control is disabled. Any user that knows the OpsCenter URL can view all objects and perform all tasks. To control access, you configure authentication for OpsCenter users by performing these tasks:
OpsCenter provides two access roles: admin and user.
Users assigned the admin role can view all objects and perform all tasks. The following are tasks which may only be performed by an admin:
Users assigned the user role can perform all other OpsCenter tasks.
The first time you assign an access role to an administrator or user, OpsCenter generates a password file and enables access control. Authentication is required to access OpsCenter for viewing objects and performing tasks.
To create or modify access roles:
Run the set_passwd.py utility. For example, to create user johndoe with admin role privileges:
$ python /usr/share/opscenter/bin/set_passwd.py johndoe admin Please enter a password for 'johndoe'. Password:
After configuring authentication, restart OpsCenter:
$ service opscenterd restart
Restarting is required only when you create the first user (because it enables access control). No restart is required for adding, modifying, or removing users.
To remove a user:
Edit the OpsCenter password file:
Delete the line of the user that you want to remove (<username>:<password_hash>:<role>). For example:
Restarting is not required to remove a user. Restarting is required to delete the password file. Deleting the password file disables access control. If you delete all users, you will not be able to access OpsCenter.