Introduction

• JS7 - Identity Services implement Authentication Methods and access to Identity Providers. For example, credentials such as user account/password are used as an Authentication Method to access an LDAP Directory Service acting as the Identity Provider, see the JS7 - Identity and Access Management article for more information.
• Depending on the Identity Service Type in use, the user accounts are managed and stored with the Identity Service or with the JOC Cockpit, see JS7 - Identity Services.
• The JOC Cockpit manages permissions and roles for any Identity Services and stores such information independently of the Identity Service.
• Find details from the following articles:
  • JS7 - Manage Roles and Permissions
  • JS7 - Manage User Accounts

Manage User Accounts, Roles and Permissions

After installing the JOC Cockpit a user can log in with the default root user account and root password that are available from the JS7 - JOC Identity Service.

• The JOC Identity Service is active and is the only Identity Service available by default.
• The JOC Identity Service includes the default root user account. Users are encouraged to change the password of the root user account after initial installation of the JOC Cockpit.

To manage user accounts, roles and permissions from any JOC Cockpit page, use the user menu in the right upper corner and select Manage Identity Services:

The Manage Identity Services page holds the list of the available Identity Services. By default the list is populated from the JS7 - JOC Identity Service. Users can add new Identity Services. From this page users can select an Identity Service to manage the user accounts associated with the Identity Service. Assume that the JOC Identity Service is selected by clicking the name JOC.

The JOC Identity Service page offers three sub-views: Roles, Accounts, Profiles. Selecting an Identity Service by default opens the Roles sub-view.

• Roles: Permissions can freely be grouped to roles. This includes specifying permissions for scheduling objects in the JOC Cockpit and in Controllers.
• Accounts: Management of user accounts that are stored with the JS7 - Database.
• Profiles: Information about the date of last login by user accounts.

The Roles sub-view

The Roles sub-view allows assignment of permissions for access to scheduling objects with the JOC Cockpit and Controllers.

When the sub-view is opened after initial installation of JOC Cockpit, then it is populated with default roles and permissions, see the JS7 - Default Roles and Permissions article for more information. Users are free to modify, add and delete any roles. Please keep in mind that at least one role that includes administrative permissions to access all objects in the JOC Cockpit and Controllers is required and has to be assigned an administrative user account. Should an administrative role no longer be left then this corresponds to locking the door behind you and throwing away the keys. In this situation refer to the JS7 - Rescue in case of lost access to JOC Cockpit article.

The Accounts sub-view

The Accounts sub-view is available when a user selects the Identity Service from the Identity Management Services page. This sub-view lists the user accounts that are configured along with their roles.

The Permissions sub-view

This view allows graphical navigation and the selection of permissions:

Further Resources