Resilio Connect Management Console starting with v2.4. allows to configure access to WebUI for multiple uses each having their own access level as well as unite them in groups and configure granular access to Agents, Groups and Jobs.
The configured access levels also apply to API tokens. Starting with Resilio Connect v3.3.0 API tokens can be generated for AD users (through API only).
Starting with Resilio Connect Management Console 3.3.2, Administrators can also use Azure AD to configure Management Console Users. Those can be configured with local users or instead of.
And The Resilio Connect Management Console can also integrate with an Active Directory to retrieve Users and Administrators.
How to use it?
To add a user go to Settings -> Users.
Each user must have at least one user role which defines their access level. If a user belongs to several groups, the user's resulting permissions are the sum of all the permissions from the groups. Starting with version 2.10 strong password is required.
The following default user roles are available
- Super Administrator - has full access to all objects in Management Console: agents, jobs, groups, as well as settings, API, logging, backups, schedule, cloud storage, etc. Additionally SuperAdmin can create, edit and remove other users and user groups.
- Administrator - has full access to objects in MC, except for the following: cannot edit other users; has view only to cloud storage (can use them in jobs configuration); cannot view, make or restore backups; no access to API tokens; no access to auxiliary servers; no permissions to upload new license.
- Read-only - this user cannot make any changes and has no access to most of the objects in MC. This role can be useful for cases when one needs to monitor the activity, performance and detect any failures.
About User Groups
In addition to default user roles, one can create custom user groups. A user can belong to multiple user groups at a time, the user’s access will be the summary of highest access levels to an object. For example, if within one group the user has “View only” access to everything, and within another group the user can “Edit & Run” a job, the actual access to the job will be “Edit & Run”.
Users that belong only to custom groups and have none of default roles don’t have access to Overview tab with overall performance statistics, and only have access to General Settings tab.
The following access levels are be available:
Groups and agents
- “Full access” means that the user will be able to add/create/edit/delete groups and agents.
- “View only” implies that groups and agents tabs are visible, but the user won’t be able to make any changes there.
When creating a user group, you can manage access only to already existing jobs.
- “Create new job” option allows the user to create all types of jobs. Automatically, the user gets “Full access” to this job, and thus can even grant other users access to it (when editing a job on “Settings” step).
- “View only” means that the user cannot make any changes to the job.
- “Run” - user can only manually start a job. Applies to transfer jobs (Consolidation, Distribution and Script jobs).
- “Edit & Run” adds access to editing a job, but cannot delete it.
- “Full access” means that the user will be able to edit/delete a given job as well as manage other groups’ access to it.