User access and roles

The NAM Console provides a single point of access for user management and security for NAM.

System administrator account

A system administrator account is created during NAM installation. Take care not to delete this account; the system will, however, prevent you from deleting the last available administrator account. There is no bootstrap administrator account available. You can assign system administrator privileges to any users added to the system.

Overview: adding users to a new implementation

The following high-level procedure provides an overview of how to set up product security and add users. We assume an administrator has installed a new version of NAM.

  1. Select a user authentication method
    With the default "local" authentication, a system administrator adds user accounts manually.

    You can also use LDAP authentication, where authentication takes place when users sign into the system with their network ID and password. We recommend that you use LDAP authentication if it is a viable option for your organization and you have many potential users. It is more secure than local authentication because information about users and groups does not have to be replicated in a second location (NAM will not store user passwords if you use LDAP). You may need to consult with your network administrators to properly configure this security feature.
    For more information, see Authentication.

  2. Add or import users
    If you use "local" authentication, you create user accounts on the Users screen in the NAM Console.

    If you configured LDAP authentication, you can import individual users or import LDAP groups.

    To simplify user management, we recommend that you import LDAP groups if you are going to use LDAP authentication and have a relatively large number of users. An LDAP group is the equivalent of a corporate network group. A user's membership in that corporate group determines whether that user can access the system. When a user from the group signs in for the first time, a NAM user account is created automatically. See User configuration and Importing LDAP groups.

    All new users — whether they are added locally, imported individually from LDAP, or imported as part of an LDAP group — are assigned the role of Guest. Guests can only view reports on the NAM Server to which they have been assigned. They cannot configure monitoring components. New users are also assigned to the Everyone user group, which also has view-access to assigned reports.

  3. Extend access to users or user groups
    A user's role assignment determines whether they can configure product features or create reports and dashboards.

    If added or imported users only need view-access to NAM Server reports they have been assigned, you do not have to assign a new role — their default Guest role assignment gives them the needed view access.

    You can assign one of four other roles (like the higher-access System Administrator or Report Administrator roles) to individual users, a locally created user group, or an imported LDAP group. You must be a System Administrator to access the NAM Console. A System Administrator user or group can view and edit all NAM Server reports.

    To simplify user management, we recommend assigning roles at the group level, if possible, rather than to individual users. You may have to use a combination of individual and group role assignments to meet your access needs. See User roles and groups and Creating and managing user groups.