This article provide details on Adding\Managing Staff roles and Staff users.
This article applies to all builds of MachPanel.
Staff roles define privileges assigned to the Staff member. To view staff roles, navigate to the following path: Home » System Configuration » System Users » Staff roles .
There are couple of pre-defined roles that come packaged with Control Panel.
These roles include:
- Super Administrator: This role has full unrestricted access to the system. Assign this role only to the staff members who will have full access to every feature of the system.
- Billing Administrator: This role can access only billing relevant section of system. For example, this role can access Billing Manager section but cannot view Network Eye section.
- Help Desk Administrator: This role can access only Help Desk section of the system.
- Network Administrator: This role can access only Network Eye section.
You cannot remove default roles but you can clone or edit default roles or create new roles and assign them to your staff members.
To create a new role, click Add New Role
button and follow the instructions below:
- Role Name: Enter the name for this role.
- Role Description: Enter some description here.
- Is sub reseller: You can Add sub reseller by checking this option.
- Features Access: Click the check boxes to define which system areas this role can access.
Note: Now Staff Users can Mange CSP Accounts, manage their own profiles and manage 2FA settings in latest build.
button when finished.
Staff users are your staff member who can access the administrative features. To view staff users, navigate to the following path: Home » System Configuration » System Users » Staff Users . To create a staff user, click Add Staff Member button and follow the instructions below:
You can assign built-in or custom defied roles to your staff user.
- Passport Login: Enter the email address of user. This is used as login for the system.
- Passport Password: Enter a password for the staff member.
- Primary Contact: Here only First Name and Last Name fields are compulsory.
- Roles: Select the Roles you want to assign to staff user.
Click Save button when finished.
Assigning/changing roles when AD Sync is enabled
When AD LDAPs are set
AD Domains: Select an Active directory domain from the domain(s) which are already configured in machpanel
Staff users OU LDAP: Users from this OU will be imported into machpanel, Please note staff users can not be deleted, can only be disabled.
Staff security group OU LDAP: Groups from this OU will be used to assign roles, when OU LDAPs are specified, a new column "Security Group Name" will appear in staff roles listing.
On backend AD, let's say you have groups like billingGroup and networkGroup as shown below, you will specify groups name in Security Group Name column as shown above.
Now Staffuser10272021-1_1 is member of networkGroup
and Staffuser10272021-1_2 is member of billingGroup as shown below
Roles will get assigned automatically
Under Password Configuration tab you can define password policy system wide.
You can also add IP lockdown for your staff users. To view IP lockDown, navigate to the following path: Home » System Configuration » System Users » IP LockDown