Defining Users and Groups

DeployHub Pro supports as many Users and User Groups as is required to fit within your organizational structure. DeployHub Team allows you to create as many Users as required but only two Groups are supported – Users and Administrators.  

Both Users and User Groups are given access to DeployHub Objects. Access to various objects, menus, and administrative rights within DeployHub are determined by granting access to Users and Groups. Users who belong to a Group that has been granted access to an object are also granted the same access. A many-to-many relationship exists between Users and Groups, so that a User can belong to many different Groups, and a Group can contain many different Users.

Access

Access is applied to every object within DeployHub. It is very important that the correct access is granted to every object that a User needs in order to perform that User’s duties. For instance, if a User needs to deploy a Release containing several Applications to an Environment, then one of the Groups that User belongs to must have ‘deploy’ access to the Environment, ‘change’ access to the Endpoints within that Environment, ‘deploy’ access to the Applications that are contained within the Release, ‘execute’ access to any Actions that are run in order to control the deployment, and ‘check-out’ access to all Repositories that contain the files referenced by Component Items in the Components that are contained within the Applications.


Groups, Users, Domains and Inheritance

Users and Groups are created under a Domain. A User or Group that is created at a higher level Domain will inherit access to all Sub-Domains, based on their access settings. As an example, Administrators, Director, and Operational level Users or Groups can be assigned to the highest level Domain for the Enterprise while Application Teams and Testing Teams can be defined to only the Sub-Domains that pertain to their area of expertise.  Users or Groups can belong to more than one Sub-Domain.


Group Access and Inherited access properties can be overridden within a Sub-Domain by dragging and dropping a Group name from the Available Groups list into one of the four access lists. A Group that has been added to an access list are non-highlighted, as this is the first Sub-Domain given this particular access property for this particular Group. All Sub-Domains below this one will now show the Group in that Access list as highlighted, indicating it was inherited from its parent Domain.


An existing property can be removed from a Domain by dragging and dropping a Group from the Available Groups lists into one of the four access lists where the access property already exists. When a Group has been removed from an Access list that was inherited from a parent Domain, the highlighted Group name remains visible in the access list, but another un-highlighted line containing the same Group name appears in the list with a line through it. All Sub-Domains under this one will appear the same way, having inherited this removal of the Group from the access list.


Creating and Deleting Users

New Users and Groups can be created by clicking on the Users and Groups menu and right clicking on a Domain within the tree structure in the left side panel. This will give you the option to add a “New User/Group in this Domain”. By selecting this, the New User or New Group dialog will appear. Once created, the New User or Group will appear in the list in the tree structure under the selected Domain. Right clicking on a User or Group allows you to delete it. There is no retrieving the deleted User or Group if this option is selected. When a User or Group is selected in the tree structure in the left panel, the following tabs and their fields appear in the right side panel:


Timeline Tab

This tab displays log file entries for deployments that used this User, including deployment number, Environment, Application, and how many days ago the deployment (or hours for all of today’s deployments) took place. Click on the ‘Click to see earlier items’ link to see all of the entries. Users can add comments to these entries by clicking on the ‘Comment’ link within each entry, which opens a text entry field just below the deployment information.

Users can also click on the Subscribe link in each entry of the list, which allows the User to receive information about the selected deployment. Any comments added to the deployment will appear in the History column of the subscriber’s home page.


There is a field above the list labeled “Say something about this User (or Group)” that can have comments placed into it, and files can be attached to the comment as well. Entering text into this field activates the Add Message button. Click on this button to save the comment as a line in the list.


Clicking on the fingerprint button next to the Add Message button brings up a file explorer that allows files to be selected and attached to the comment. These attachments can later be retrieved by clicking on the fingerprint icon on the far right of the comment, which opens the line in the list to display the name of the file. Click on the file name and it will be downloaded into the default Downloads folder of the PC that hosts the browser used to run DeployHub (not on the server hosting DeployHub). A dropdown list appears at the bottom of the browser, which is labeled with the name of the file. Clicking the drop down presents options that are standard in every Windows file download interface, including Open, Always Open this Type of File, and Show in folder. Several drop-down lists can appear along the bottom of the browser. A small ‘x’ on the far-right side at the bottom can be clicked to make all the lists disappear.


Group Membership Tab

This tab contains a list of all the Groups the selected User belongs to. Add a Group to the selected User by clicking on the plus ‘+’ sign in the upper right, which brings up a pop-up window containing all of the available Groups. Click on a Group in the list and click the OK button to add the Group to the list in the Group Membership tab. Clicking the ‘x’ button after selecting a Group in the list will delete that Group from the list.


General Tab

The General tab displays basic descriptive fields that define a selected User. To edit the User’s information, right click on the pencil icon in the upper righ- hand corner of the window.  


All fields that define the currently selected User in the tree structure are as follows (fields are available for edit by clicking on the General tab, then clicking on the pencil icon in the upper right):


Field

Description

User Name

The User’s login name.

Real Name

The full name of the User.

Email

Email address of the User.  This will be referenced within DeployHub, such as when email notifications are sent for successful and failed deployments.

Phone

Phone number of the User.

Date Format

The date format for this User, it is set by clicking on the ‘little person’ icon in the upper right corner of the window which brings up the Profile window, allowing the User to change the setting via a drop-down list of choices.

Time Format

The time format for this User, it is set by clicking on the ‘little person’ icon in the upper right corner of the window which brings up the Profile window, allowing the User to change the setting via a dro- down list of choices.

Password

Current Password of the User. Shows up only in the entry window during editing, not in the display window, and only if the Validation Data Source is not selected. This password is encrypted and stored in the DeployHub database.

Validation Data Source

The name of a Data Source, either ODBC or LDAP, that is used to validate a User and allow entry into the current DeployHub installation. It is used in place of a Username/Encrypted Password pair stored in the DeployHub database. The values for the Real Name and Email fields are populated using the values found in the Data Source.

Account Locked

Locks a User out of the system while keeping the User in the system for historical/auditing purposes. (Available in General tab only, for the selected User.)

Force Change Password

Forces the DeployHub User to change the password that is initially created by an administrator the first time the User logs into DeployHub, thereby allowing the User to have exclusive access to the password. (Available in General tab only, for the selected User.)

Last Login

The last date and time the selected User was logged into DeployHub.


All fields that define the current User are as follows (fields are available for edit by clicking on the ‘Little Person’ icon in the upper right):


Field

Description

User Name

The User’s login in name.

Real Name

The full name of the User.

Email

Email address of the User.  This will be referenced within DeployHub, such as when email notifications are sent for successful and failed deployments.

Phone

Phone number of the User.

Date Format

All dates are shown in this format for this User.

Time Format

All times are shown in this format for this User.

New Password

Entered by the User when a new Password is desired.

New Password Again

Entered as a confirmation of the new Password.


Using an LDAP Validation Data Source

Access to a DeployHub installation can be controlled by accessing Users in an LDAP server instead of DeployHub’s database. This is accomplished by creating a Data Source of Type ‘ldap’ with parameters that will allow it to access an LDAP database and use the information stored there to gain access to DeployHub. It also populates the Users General tab with Real Name and Email, which it gets from the LDAP database.


A Credential is created whose Username value is in the form of a user id (uid) followed by the necessary domain components (dc), all comma delimited (i.e., uid=tesla,dc=example,dc=com). The Credential’s Password field contains the password for the user in the LDAP directory.


The Data Source has 3 (optionally 4) parameters that are used to validate a User:

  • LDAP Server: The address of the LDAP server, which can include the port (i.e., ldap://ldap.forumsys.com:389). If the port isn’t included, it can be put separately into the Port Number parameter.
  • Search Base: The location in the directory where the LDAP search begins (i.e., dc=example,dc=com).
  • Search Filter: Always (uid=$USERNAME) (include parenthesis), as this locates the user within the LDAP database using the Username that was entered into the DeployHub Credential.


The User contains the name of the Data Source in the Validation Data Source field. If this is selected from the list of available Data Sources then no Password field is available, since the password has been supplied by the Credential for the LDAP server.


Creating and Deleting Groups

A new Group can be created by clicking on the Users and Groups menu, clicking on a Domain within the tree structure in the left side panel, and selecting “New Group in this Domain” from the resulting list. A window will appear in the list beneath the Domain, with entry fields that can be filled in to create a new Group. Once a Group is created, it will appear in the list of Groups in the tree structure. The Group can be edited by selecting it in the tree structure and clicking on the pencil icon in the right-hand corner of the window. You can delete a Group by right clicking on it and selecting the ‘Delete this Group’ menu option. There is no retrieving the deleted Group if this option is selected.


NOTE: DeployHub creates a Group named “Everyone” whenever it is installed, and every User that is created is added to this group and cannot be removed from it.


User Membership Tab

A list of all Users who belong to the selected Group appears on this tab. Click on the plus ‘+’ button to add a User to this Group. A pop-up window will appear containing all available Users. Select a User and click OK to add the User to the list of Users in the User Membership tab. You can select multiple users by holding down the shift key while selecting Users. A User can be removed from the Group by selecting the User in the User Membership table under the User Membership tab and clicking the ‘X’ button.


Admin Rights Tab

Access can be applied to the creation of objects within DeployHub and the restriction of menu items.  In addition, you can create a ‘Super Administrator Group’ by providing the group with override access to all objects within DeployHub. This is done by default with the Administrators Group. Defining these access rights are done using checkboxes in the selected Group. It is also important to understand that the Groups can only see objects in the Domain they have been assigned. When you create a new Group, you create that Group under a particular Domain. The Group will be able to see their primary Domain and all its Sub-Domains. The access rights for the Group are defined as follows:


Access Control Rights

Override Access Control allows any User belonging to a Group with this control turned on to have control over the entire system, and no access restrictions apply to them. This option creates a Super Group level of Administrator and should only be used for individuals with full administrative privileges.

Creation Rights

Field

Description

Users

Allows the User to create and add Users to any of the Domains to which they belong.

User Groups

Allows the User to create and add Groups to any of the Domains to which they belong.

Domains

Allows the User to create and add Sub-Domains to any of the Domains to which they belong.

Environments

Allows the User to create and add Environments to any of the Domains to which they belong.

Endpoints

Allows the User to create and add Endpoints to any of the Domains to which they belong.

Repositories

Allows the User to create and add Repositories to any of the Domains to which they belong.

Components

Allows the User to create and add Components to any of the Domains to which they belong.

Credentials

Allows the User to create and add Credentials to any of the Domains to which they belong.

Applications

Allows the User to create and add Applications to any of the Domains to which they belong.

Application Versions

Allows the User to create and add Application Versions to any of the Domains to which they belong.

Actions

Allows the User to create and add Actions to any of the Domains to which they belong.

Procedures

Allows the User to create and add Procedures to any of the Domains to which they belong.

DataSources

Allows the User to create and add DataSources to any of the Domains to which they belong.

Notifiers

Allows the User to create and add Notifiers to any of the Domains to which they belong.


General Tab

The General tab displays the basic descriptive fields that define a Group. You can edit this information by clicking on the pencil icon on the right-hand corner of the window. The basic information that defines a Group includes:


Field

Description

Group Name

The name of the DeployHub Group.

Summary

A text field for short description.

Email

The Group email address that members of a Group would all have access to, in the event of a notify process.

Created

The date and time the Group was created.

Modified

The date and time that information concerning the Group was last edited.