Documentation

6. Users

A user is someone who has access to Tower with associated permissions and credentials. The Users link (accessible from the Setup [setup] menu) allows you to manage the all Tower users. The user list may be sorted and searched by Username, First Name, or Last Name.

Users - home with example users

There are three types of Tower Users:

  1. Normal User: read and write access is limited to the inventory and projects for which that user has been granted the appropriate rights.
  2. Organization Administrator: the administrator of an organization has all of the rights of a normal user, as well as admin, read, and write permission over the entire organization and all of its inventories and projects, but does not have those levels of access on content belonging to other organizations. This level of user can create and manage users.
  3. Superuser: a Tower Superuser has admin, read, and write permissions over the entire Tower installation. A Superuser is typically a systems administrator responsible for managing Tower and will delegate responsibilities for day-to-day work to various Organization Administrators.

Note

The initial user (usually “admin”) created by the Tower installation process is a Superuser. One Superuser must always exist. To delete the “admin” user account, first create another Superuser account.

To create a new user click the plus button, which opens the new user dialog.

Create User Form

Enter the appropriate details into the following fields:

  • First Name
  • Last Name
  • Email
  • Organization (Choose from an existing organization–this is the default organization if you are using a Basic license)
  • Username
  • Password
  • Confirm Password
  • Superuser (The superuser has full system administration privileges for Tower. Use with caution!)

Select Save when finished.

Once the user is successfully created, the Edit User dialog opens. This is the same menu that is opened if the Edit button is clicked from the Users link from the setup button. Here, the user’s Properties, Credentials, Permissions, and other user membership details may be reviewed and modified.

Edit User Form

6.1. Users - Credentials

Credentials are utilized by Tower for authentication when launching jobs against machines, for synchronization with inventory sources, and when importing project content from version control systems. For more information, refer to Credentials.

Users - credentials list expanded

To add a credential to user, expand the credentials menu and click the plus button.

Users - credentials list for example user

Then, select one or more credentials from the list of available credentials by clicking the Select checkbox. Click the Select button when done.

Users - add credentials for example user

To create a new credential and add it to the user, click the plus button from the Add Credentials screen, which opens the Create Credential dialog.

Users - create credential for example user

Enter the appropriate details depending on the type of credential and select Save. For more information, refer to Credentials.

6.2. Users - Permissions

The set of privileges assigned to users and teams (role-based access control) that provide the ability to read, modify, and administer projects, inventories, job templates, and other Tower elements are permissions.

There are two permission types available to be assigned to users and teams, each with its own set of permissions available to be assigned:

  • Inventory: grants permission to act on inventories, groups, and hosts
    • Read: view groups and hosts within a specified inventory
    • Write: create, modify, and remove groups, and hosts within a specified inventory. Does not give permission to modify the inventory settings. This permission also grants the Read permission.
    • Admin: modify the settings for the specified inventory. This permission also grants Read and Write permissions.
    • Execute commands: Allow the user to execute commands on the inventory.
  • Job Template: grants permission to launch jobs from the specified project against the specified inventory
    • Create: Allow the user or team to create job templates. This implies that they have the Run and Check permissions
    • Run: launch jobs of type Run. This permission also grants the Check permission.
    • Check: launch jobs of type Check.

This menu displays a list of the permissions that are currently available. The permissions list may be sorted and searched by Name, Inventory, Project, or Permission type.

Users - permissions list for example user

To add new permissions to the user, click the plus button, which opens the Add Permission dialog.

Users - add permission for example user

Enter the appropriate details into the following fields:

  • Permission Type
    • Inventory
    • Job Template
  • Name
  • Description

Note

Before you can select an Inventory, you must first create it and make it available. Refer to Inventories for more information.

Selecting a Permission Type of either Inventory or Job Template changes the appearance of the Add Permission dialog to present appropriate options for each type of permission.

For a permission of type Inventory, enter the following details:

  • Inventory (Select from the available inventories)
  • Permission
    • Read
    • Write
    • Admin
    • Execute commands

For a permission of type Job Template, enter the following details:

  • Project (Select from the available projects)
  • Inventory (Select from the available inventories)
  • Permission
    • Create
    • Run
    • Check

Select Save.

6.3. Users - Admin of Organizations

This displays the list of organizations that this user is an administrator of. This list may be searched by Organization Name or Description. A user cannot be made an organization administrator from this interface panel.

Users - Admin of organizations list for example user

6.4. Users - Organizations

This displays the list of organizations that this user is a member of. This list may be searched by Organization Name or Description. Organization membership cannot be modified from this display panel.

Users - Organizations list for example user

6.5. Users - Teams

This displays the list of teams that this user is a member of. This list may be searched by Team Name or Description. Team membership cannot be modified from this display panel. For more information, refer to Teams.

Users - teams list for example user