admin/平台管理员/普通平台成员篇

admin/平台管理员/普通平台成员登录视角基本相同,权限上存在略微差异,如下:
名称 区别
admin 超级管理员,拥有所有权限。
平台管理员 平台管理员主要是带有区域属性的管理员,协助admin共同管理云平台。除以下权限外,平台管理员拥有和admin同样的权限:
  • 带有区域属性,仅支持管控所属区域内的资源,且不支持创建区域、删除区域相关权限。
  • 不支持工单审批相关权限,我的审批菜单不可见。
  • 不支持许可证管理相关权限,不支持上传许可证等操作。
普通平台成员 平台管理员以外的平台成员,除以下权限外,普通平台成员拥有和admin同样的权限:
  • 不支持工单审批相关权限,我的审批菜单不可见。
  • 仅支持查看所属组织架构的用户。
  • 未赋予的权限。

本章节主要介绍admin/平台管理员/普通平台成员如何使用企业管理功能。

登录云平台

  • Admins can log in to the Cloud via Main Login.

    By using Chrome or Firefox, go to the Main Login page via http://your_machine_ip:5000/#/login. To log in to the Cloud, the admin must enter the corresponding user name and password, as shown in Main Login Page.

    Figure 1. Main Login Page


  • 平台管理员/普通平台成员从项目登录入口登录云平台
    By using Chrome or Firefox, go to the Project Login page via http://your_machine_ip:5000/#/project. To log in to the Cloud, enter the corresponding user name and password. Specifically, the Cloud has two login entrances for Project Login as follows:
    • Local user: the user created on the Cloud. Log in to the Cloud via Local User.
    • AD/LDAP user: the 3rd party user synchronized to the Cloud via the 3rd party authentication. Log in to the Cloud via AD/LDAP User, as shown in Project Login Page.
    Figure 2所示:
    Figure 2. 项目登录界面


企业管理主菜单

admin/平台管理员/普通平台成员登录云平台后,企业管理模块的主菜单如企业管理主菜单所示:
Figure 3. admin视角


Figure 4. 平台管理员/普通平台成员视角


以下详细介绍admin/平台管理员/普通平台成员如何使用企业管理功能。


Organization

Enterprise Management provides an organization management feature for enterprise users, where an organizational structure tree is displayed in cascade and you can directly get a complete picture of the enterprise organization structure. Enterprise Management mainly includes the following concepts:
  • Organization

    The basic unit of an organizational structure in Enterprise Management. You can create an organization or synchronize an organization through 3rd party authentication. An organization can be divided into a top-level department and a normal department. The top-level department is the first-level department in the organization, and can have multi-level subsidiary departments.

  • User

    A virtual ID, simply a natural person who is the most basic unit in Enterprise Management. A user has multiple attributes, such as a platform admin, project admin, and head of a department.

  • Head of Department

    A user that is responsible for managing departments in an organizational structure. A head of a department has the permission to check department bills.

Associated concepts of an organization is shown in Associated Concepts of Organization.
Figure 1. Associated Concepts of Organization


组织架构界面

admin/平台管理员/普通平台成员登录云平台后,在ZStack私有云主菜单,点击高级功能 > 企业管理 > 组织架构按钮,进入组织架构界面,如Figure 2所示:
Figure 2. 组织架构界面


  • The organization tree is displayed in hierarchy and allows you to view the whole picture of the enterprise structure.
  • The organization can be divided into top-level department and department. Specifically, the top-level department, the first level department, can have multi-level departments.
  • In the organization tree, the head of department for the top-level department or department has a red star icon at the lower right.
  • The organization synchronized via the 3rd authentication lets you create an organization tree independently.
  • You can add multiple organization trees. Notice that the users under the different organization trees are invisible from each other.
  • The admin or platform admin can view all the organization trees, while the platform users can only view their own organization trees.

添加组织

组织架构界面,点击添加组织按钮,弹出添加组织界面,可参考以下示例输入相应内容:
  • 名称: 输入组织名称
  • 简介: 可选项,可留空不填
  • 类型: 选择组织类型,可选择添加部门或顶级部门
    Note: 添加部门,需指定上级部门,在已添加的顶级部门或部门中选择。
  • 部门负责人: 可选项,指定相应的用户作为部门负责人
    Note: 组织架构树中,部门负责人图标右下角有红色五角星标识。
  • 用户: 可选项,可将已有相关用户加入到该组织
Figure 3所示:
Figure 3. 添加组织


组织详情页

点击组织名称,进入组织详情页,如Figure 4所示:
Figure 4. 组织详情页


组织详情页包括以下几个子页面:
  • 基本属性:

    基本属性子页面显示组织名称、UUID、概览信息等,其中名称、简介支持修改。

  • 子部门:

    子部门子页面显示子部门列表及子部门相关信息,并支持创建子部门、更改上级部门、更改部门负责人、添加用户、移除用户、删除等子部门相关操作。

  • 用户:

    用户子页面显示部门内用户列表及用户相关信息,并支持添加用户、设为部门负责人、加入部门、更换部门、移除、加入项目、从项目移除、删除等用户相关操作。

  • 审计:

    审计子页面显示组织相关的日志记录。

Organization Operations

An organization includes two types of add method: manual addition and 3rd party authentication. Organizations of different add methods support different operations.

Operations Supported by Cloud Organization
An admin, platform admin, or regular platform user can perform the following operations for an organization in the Cloud:
  • Add organization: Create an organization tree.
  • Change parent department: Change the parent department for the organization. Notice that the top-level department does not support this operation.
  • Change department head: Respecify the head of department.
  • Create subsidiary department: Create a subsidiary department under the organization.
  • Delete subsidiary department: Delete the subsidiary department under the organization. Notice that the organization without any subsidiary department does not support this operation.
  • Add user: Add a new user to the organization.
  • Remove user: Remove a user from the organization.
    Note: If the user is the head of department, removing this user will also remove its identification as the head of department.
  • Delete: Delete the specified organization.
    Note: Exercise caution. Deleting an organization will also delete all its subsidiary departments.
3rd Party Authentication Synchronization Operations
An admin, platform admin, or regular platform user can perform the following operations for the synchronized 3rd party organization:
  • Add user: Add a new user to the organization.
  • Remove user: Remove a user from the organization.
    Note: If the user is the head of department, removing this user will also remove its identification as the head of department.
  • Delete: Delete the specified organization. Deleting the specified organization will also delete the 3rd party server. Notice that this organization cannot be deleted independently.

User

A user (virtual ID) is simply a natural person who is the most basic unit in Enterprise Management. A user has multiple attributes, such as a platform admin, project admin, and head of a department.

ZStack provides the following two types of user classification:
  • Classification by source
    • Local User

      A user that is created in the Cloud. A local user can be added to an organization, added to a project, bound with a role.

    • 3rd Party User

      A user is that is synchronized to the Cloud through 3rd party authentication. A 3rd party user can be added to an organization, added to a project, and bound with a role.

    Note: Users in Enterprise Management can log in to the Cloud via Project Login, while local users can log in to the Cloud via User Login. Besides, third-party users can log in to the Cloud via AD/LDAP User.
  • Classification by project
    • Platform User

      A user that is not added to a project yet, including platform admin and the regular platform member.

    • Project Member

      A user who has joined a project, including project admin, project operator, and normal project member.

用户界面

admin/平台管理员/普通平台成员登录云平台后,在ZStack私有云主菜单,点击高级功能 > 企业管理 > 用户按钮,进入用户界面,如Figure 1所示:
Figure 1. 用户界面


用户界面包括本地用户和第三方用户两个子列表:
  • 本地用户:

    显示云平台创建的用户。

  • 第三方用户:

    显示通过第三方认证同步的用户,第三方用户与本地用户类似,支持加入项目、加入部门、分配权限等基础操作,并可以正常使用云平台各种资源。

Note:
  • An admin or platform admin can view a list of all users.
  • If an organization tree is created in the Cloud, a platform user can only view the user list of its own organization. If no organization tree is created in the Cloud, a platform user can view all users.

创建用户

ZStack云平台支持以下两种方式创建用户:
  • 手动添加方式
  • 模板导入方式
手动添加方式
用户界面,点击创建用户按钮,弹出创建用户界面,添加方式选择手动添加,可参考以下示例输入相应内容:
  • 姓名: 输入用户姓名
  • 用户名(用于登录): 设置用户名,作为登录名需全局唯一
  • 密码: 设置用户登录密码
  • 确认密码: 再次输入登录密码
  • 简介: 可选项,可留空不填
  • 手机号码: 可选项,输入用户手机号码
  • 邮箱地址: 可选项,输入用户邮箱地址
  • 编号: 可选项,输入用户编号,例如工号
  • 项目: 可选项,可将用户加入到一个或多个项目
  • 组织架构: 可选项,可将用户加入到一个或多个组织
Figure 2所示:
Figure 2. 手动添加方式




模板导入方式
用户界面,点击创建用户按钮,弹出创建用户界面,添加方式选择模板导入,如Figure 3所示:
Figure 3. 模板导入方式


操作步骤如下:
  1. 下载配置模板文件
    点击下载模板按钮,下载csv格式的配置模板文件,如Figure 4所示:
    Figure 4. 配置模板文件


    Note: 用户名、姓名、密码为必填参数,且用户名必须全局唯一。
  2. 按规定格式填写用户的配置信息

    配置模板包括表头和一行示例,编辑模板时需删除或覆盖该示例。

    填写配置模板时,可参考以下示例输入相应内容:
    • 姓名: 输入用户姓名
    • 用户名: 设置用户名,作为登录名需全局唯一
    • 密码: 设置用户登录密码
    • 简介: 可选项,可留空不填
    • 手机号码: 可选项,输入用户手机号码
    • 邮箱地址: 可选项,输入用户邮箱地址
    • 编号: 可选项,输入用户编号,例如工号
    • 组织架构: 可选项,可将用户加入到一个或多个组织
      Note:
      • Existing organizations are required. Notice that these organizations must be separated by "/", such as Company/Dev.
      • If the organization path duplicates, attach the UUID of a top-level department, such as Company(f11444d42701483791370e9f8b9300b9)/Dev.
      • If a user is added to multiple organizations simultaneously, separate these organizations by "&&", such as Company/Dev&&Company/QA.
    • 项目: 可选项,可将用户加入到一个或多个项目
      Note:
      • A project is required. When a single project is added, enter the project name directly, such as project-01.
      • If a user is added to multiple projects simultaneously, separate these projects by "&&", such as project-01&&project-02.
  3. 配置文件填写完成后,可通过浏览器直接上传到云平台,如Figure 5所示:
    Figure 5. 添加配置文件


    点击文件选择框右上角删除按钮,支持清除已上传的文件。

  4. 语法检查
    点击语法检查按钮,检查配置文件的语法是否正确。
    • 若检查有误,将弹出报错信息窗口,点击下载并根据错误信息提示修改配置文件,完成后重新上传;
    • 若检查无误,点击确定按钮,云平台将根据配置文件开始创建用户。

用户详情页

点击用户名称,进入用户详情页,如Figure 6所示:
Figure 6. 用户详情页


用户详情页包括以下几个子页面:
  • 基本属性:

    基本属性页面显示用户名称,姓名、双因子二维码、身份、组织架构路径等用户基本信息,其中用户名、简介支持修改。

  • 部门:

    部门页面显示用户所在部门列表以及部门相关信息,支持加入部门、从部门移除操作。

  • 角色:

    角色页面显示用户绑定的角色,分为系统角色和自定义角色两栏,支持绑定、解绑操作。

  • 项目:

    项目页面可根据区域显示用户加入的项目列表以及项目相关信息,支持加入项目、从项目移除操作。

  • 审计:

    审计页面显示管理用户相关的日志信息。

User Operations

Operations between a local user and a 3rd party user are little bit different.

Local User Operations
An admin, platform admin, or regular platform user supports the following operations for a local user:
  • Create user: Create a local user based on the basic employee information.
  • Change user name: Change the user name. The user name that is the login name must be unique.
  • Change password: Change the login password for the local user.
  • Change personal information: Change the full name, phone number, email address, and identifier.
  • Join department: Add the local user to one or more departments.
  • Remove from department: Remove the local user from the department.
    Note: If the local user is the head of department, removing this local user from the department will also remove its identification as the head of department.
  • Join project: Add the local user to one or more projects.
  • Remove from project: Remove the local user from the project.
    Note:
    • If the local user is the project admin or project operator, removing the local user from the project will also remove its identification as the project admin or project operator.
    • If the local user is part of a ticket process, the ticket process will be unavailable after you remove the local user from the project. Also, the tickets related to the process will be all recalled.
  • Delete: Delete the local user.
    Note:
    • If you delete the local user that acts as the head of department, project admin, or project operator, deleting the local user will also delete its identification as the head of department, project admin, or project operator
    • If you delete the local user that is part of ticker process, the ticket process will be unavailable after you remove the local user from the project. Also, the tickets related to the ticket process will be all recalled.
  • Audit: Check the related operations of the local user. These operations are performed by the admin or platform admin.
3rd Party User Operations
An admin, platform admin, or regular platform user support the following operations for a 3rd party user:
  • Join department: Add the 3rd party user to one or more departments.
  • Remove from department: Remove the 3rd party user from the department to be selected.
    Note: If the 3rd party user is the head of department, removing the 3rd party user from the project will also remove its identification as the head of department.
  • Join project: Add the 3rd party user to one or more projects.
  • Remove from project: Remove the 3rd party user from the project.
    Note:
    • If the 3rd party user is the project admin or project operator, removing the 3rd party user from the project will also remove its identification as the project admin or project operator.
    • If the 3rd party user is part of ticket process, the ticket process will be unavailable after you remove the 3rd party user from the project. Also, the tickets related to the ticket process will be all recalled.
  • Delete: Delete the 3rd party user.
    Note:
    • If you delete the 3rd party user that acts as the head of department, project admin, or project operator, removing the 3rd party user will also remove its identification as the head of department, project admin, or project operator.
    • If you delete the 3rd party user that is part of a ticket process, the ticket process will be unavailable after you remove the 3rd party user from the project. Also, the tickets related to the ticket process will be all recalled.
  • Convert to local user: After you synchronize an AD server, the non-existent 3rd party user will be changed to the deleted state and cannot log to the Cloud. At this time, the 3rd party user can be converted to a local user, while the AD user that is in the deleted state can be changed to the local user in the Cloud.
    Note:
    • After you convert a 3rd party user to a local user, the original data of the 3rd party user will be inherited, such as the belonged project and the acquired permissions.
    • After you convert a 3rd party user to a local user, verify that you perform Change Password. Then, the converted local user can log in to the Cloud normally.

Role

A role is a collection of permissions used for entitling users to manage resources by calling associated APIs. A role has two types, including system role and custom role.
  • System Role

    A special role preconfigured by the Cloud. As the Cloud upgrades, the permission contents of a system role will be updated, and new permissions will be added automatically. The system role cannot be configured manually.

  • Custom Role

    A custom role that you created in the Cloud. Similar to the system role, the permission contents of a custom role will be updated as the Cloud upgrades. Notice that you need to manually configure the additional permissions after the upgrade.

角色界面

admin/平台管理员/普通平台成员登录云平台后,在ZStack私有云主菜单,点击高级功能 > 企业管理 > 角色按钮,进入角色界面,如Figure 1所示:
Figure 1. 角色界面


Note: 名称表示角色的显示名称,键值表示用于搜索的名称。
The role page includes two tab pages: system role and custom role. Specifically, the system role includes the following:
  • Dashboard role:
    After you bind the dashboard role, the dashboard user can only have the permission of the monitoring dashboard. Once you log in to the Cloud, you will go to the dashboard page.
    • The dashboard user does not have the user home page. This user cannot change the password by its own. Notice that only the admin, platform admin, or regular platform user can change the password for the dashboard user.
    • The default language and the theme of the dashboard are consistent with the current configurations of the Cloud. Notice that only the admin, platform admin, or regular platform user can change these configurations for the dashboard user.
    • After the dashboard user logs in to the Cloud, closing the Web browser will still keep the user logging in. If the user wants to log out, access http://management node_ip:port/#/login and then perform the logout operation, such as http://172.20.11.50:5000/#/login.
  • Platform admin role:
    After you bind the platform admin role, the platform admin can act as the platform administrator. The platform admin has the zone attribute, and manipulates the data center of the zone that is allocated to the platform admin.
    • The newly created platform admin defaults to manipulate all zones before zones are allocated.
    • After one or more zones are assigned to the platform admin, this platform admin can only manipulate the assigned zones.
    • One platform admin can manipulate multiple zones while one zone can be manipulated by multiple platform admins.
    • The platform admin needs to log in to the Cloud via Project Login.
  • Project admin role:

    After you bind the project admin role, the project admin can act as the project administrator. The same project can only be assigned to one project admin. Notice that the project admin role can be changed.

  • Project operator role:

    After you bind the project operator role, the project operator can act as the project manager who can assist the project admin to manage projects. One or more project members can act as the project operator within the same project.

创建角色

角色界面的自定义角色子页面,点击创建角色按钮,弹出创建角色界面,可参考以下步骤创建角色:
  1. 配置基础信息: 配置角色相关的基础信息
    可参考以下示例输入相应内容:
    • 名称: 设置角色名称
    • 简介: 可选项,可留空不填
    • 角色类型: 选择角色类型,包括平台、项目

      若选择项目类型,需要选择项目角色属于的项目。

      Note: 角色分为平台和项目两种类型,平台类型的角色仅支持绑定到平台成员;项目类型的角色仅支持绑定到所属项目的项目成员。
      • The same user can only be bound to one type of role.
      • The same user can be bound to multiple same types of custom role.
      • The project member can only be bound to the custom role of the project where the project member belongs.
    Figure 2所示:
    Figure 2. 配置基础信息


  2. 配置角色权限: 选择权限服务以及权限配置
    Figure 3所示:
    Figure 3. 配置角色权限


    权限服务是按资源划分的权限集合,不同权限服务之间可能存在依赖关系,推荐使用云平台预置的系统角色或勾选全部权限服务。

  3. 确认提交: 检查将要创建的角色,支持跳转修改
    Figure 4所示:
    Figure 4. 确认提交


角色详情页

点击角色名称,进入角色详情页,如Figure 5所示:
Figure 5. 角色详情页


角色详情页包括以下几个页面:
  • 基本属性:

    基本属性子页面显示角色名称、简介、项目等基本属性,其中自定义属性的名称、简介支持修改。

  • 权限内容:
    权限内容子页面显示角色中包含的权限服务及权限,支持添加权限服务、移除权限服务、修改权限配置等操作。
    Note: 移除权限服务操作需要注意以下情况:
    • 移除权限服务后绑定此角色的用户将不再拥有相关权限;
    • 不同权限服务之间可能存在依赖关系,请谨慎操作。
  • 用户:

    用户子页面显示绑定此角色的用户列表以及角色相关信息,支持绑定用户、解绑用户操作。

  • 成员组:

    成员组子页面显示加载此角色的成员组列表以及成员组基本信息,支持加载、卸载操作。

  • 审计:

    审计子页面显示角色相关的日志信息。

Role Operations

An admin, platform admin, or regular platform user can perform the following operations for a role:
  • Bind user: Bind a role to a user. By doing so, the user can own permissions of the related operations.
  • Unbind user: Unbind the user from a role. By doing so, the related permissions owned by the user will be removed.
  • Clone: Clone the role.
  • Delete: Delete the role.
    Note:
    • Exercise caution. After you delete a role, the related user will automatically unbind this role, which will affect directly the normal usage of the related project members.
    • The system role cannot be deleted.









Download

Already filled the basic info? Click here.

Enter at least 2 characters.
Invalid mobile number.
Enter at least 4 characters.
Invalid email address.
Wrong code. Try again. Send Code Resend Code (60s)

An email with a verification code will be sent to you. Make sure the address you provided is valid and correct.

Download

Not filled the basic info yet? Click here.

Invalid email address or mobile number.

Email Us

contact@zstack.io
ZStack certification training consulting
Enter at least 2 characters.
Invalid mobile number.
Enter at least 4 characters.
Invalid email address.
Wrong code. Try again. Send Code Resend Code (60s)

Email Us

contact@zstack.io

The download link is sent to your email address.

If you don't see it, check your spam folder, subscription folder, or AD folder. After receiving the email, click the URL to download the documentation.

The download link is sent to your email address.

If you don't see it, check your spam folder, subscription folder, or AD folder.
Or click on the URL below. (For Internet Explorer, right-click the URL and save it.)

Thank you for using ZStack products and services.

Submit successfully.

We'll connect soon.

Thank you for choosing ZStack products and services.

Back to Top