User Management

In PRTG, you can control the access rights for every user with a smart User Management.

Overview

The default administrator can use the PRTG installation as the only user or can create an unlimited number of users. Users are organized using an unlimited number of groups (which also control their security settings).

There are three types of users:

• Administrator Users: Only members of the "PRTG Administrators" group can create and edit user accounts and they can see and edit all monitoring objects and system settings.
• Read/Write Users: These users can see all menus and links needed to edit the monitoring configuration (regardless of whether they are allowed to change it).
• Read Only Users: These users will not see any editing links or menus and thus will not be able to edit anything in the configuration.

All the security settings as well as further rights management are conducted via the user groups. This means that group membership controls what a user may do and which objects he sees when logged in. The actual rights for each object can be defined in an object's settings. There, you can define different rights for each probe, group, device, sensor, and other objects.

Managing Users and Access Rights

To manage users and access rights, there a basically three steps to follow:

1. Create new users and set the user account's rights.
2. Create user groups and define users as members of this group.
3. For each object in your device tree, define access rights (inheritance applies; see section Inheritance of Settings).

Create New Users and Groups

Step 1 and 2 are done in the System Administration Settings. See section System Administration - Edit User Accounts and User Groups for more details.

Controlling User Rights

Step 3: Throughout the web interface of PRTG you can control access to the monitoring objects (e.g. groups, devices, sensors, maps, reports, etc.) using the following settings in the according object's setting page:

For sensor tree objects the default setting is to "Inherit Access Rights", which means that a user has the same access rights to all child objects if one has access to the object itself (see section Inheritance of Settings).

This can be overridden by disabling the checkbox in front of "Inherit Access Rights" and setting the "User Group Access" options. You can specify the access rights to the current object for each user group by choosing an option from the drop down list:

1

The options are:

• Inherited: Uses the setting of the parent object
• None: User cannot see or edit the object. The object does not show up in lists and in the sensor tree - unless a child object is visible to the user, then the object is visible in the sensor tree, though not accessible.
• Read: User can see the object and review its monitoring status.
• Write: User can see the object, review its monitoring status and edit the object's settings - except for group access settings.
• Full: Same as "Write", but the User can additionally control the group access settings.

A user can only add and delete objects if the user has "Write" or "Full" access to the parent object.

You will see an additional checkbox for groups and devices, "Revert children's access rights to inherited". If you select this box, the access right of all child objects will be reset to "inherited" which actually deletes all individual right settings for the underlying objects. This is the quick way to reset all access rights and should be used with caution.

Continue