Documentation

7. Users

A User is someone who has access to Tower with associated permissions and credentials. The Users link (found by clicking on the Settings (settings) menu and selecting Users) allows you to manage the all Tower users. The User list may be sorted and searched by Username, First Name, or Last Name (click on the USERNAME button beside the search field to toggle your sorting preference).

Users - home with example users

There are three types of Tower Users:

  1. Normal User: Normal Users have read and write access limited to the inventory and projects for which that user has been granted the appropriate roles and privileges.
  2. System Auditor: Auditors implicitly inherit the read-only capability for all objects within the Tower environment.
  3. System Administrator: a Tower System Administrator (also the Superuser) has admin, read, and write privileges over the entire Tower installation. A System Administrator is typically responsible for managing all aspects of Tower and delegating responsibilities for day-to-day work to various Users and System Auditors.

Note

The initial user (usually “admin”) created by the Tower installation process is a Superuser. One Superuser must always exist. To delete the “admin” user account, you must first create another Superuser account.

To create a new user click the add button, which opens the Create User dialog.

Create User Form

Enter the appropriate details into the following fields:

  • First Name
  • Last Name
  • Email
  • Username
  • Organization (Choose from an existing organization–this is the default organization if you are using a Self-Supported level license.)
  • Password
  • Confirmation Password
  • User Type (The System Administrator, superuser, has full system administration privileges for Tower. Assign with caution!)

Select Save when finished.

Once the user is successfully created, the User dialog opens for that newly created User. This is the same menu that is opened if the Edit (edit-button) button beside a User is clicked from the Users link within Tower’s Settings (settings). Here, the User’s Organizations, Teams and Granted Permissions, as well as other user membership details, may be reviewed and modified.

Edit User Form

7.1. User Types - Quick View

Once a user has been created, you can easily view permissions and user type information by looking beside their user name in the User overview screen.

_images/user-label-user-types.png

If the user account is associated with an enterprise-level authentication method (such as SAML, RADIUS, or LDAP), the user type may look like:

_images/user-label-user-type-radius.png

If the user account is associated with a social authentication method, the user type will look like:

_images/user-label-user-type-social.png

7.2. Users - Organizations

This displays the list of organizations of which that user is a member. This list may be searched by Organization Name or Description. Organization membership cannot be modified from this display panel.

Users - Organizations list for example user

7.3. Users - Teams

This displays the list of teams of which that user is a member. This list may be searched by Team Name or Description. Team membership cannot be modified from this display panel. For more information, refer to Teams.

Until a Team has been created and the user has been assigned to that team, the assigned Teams Details for the User appears blank.

Users - teams list for example user

7.4. Users - Granted Permissions

The set of Granted Permissions assigned to this user (role-based access controls) that provide the ability to read, modify, and administer projects, inventories, job templates, and other Tower elements are Privileges.

This menu displays a list of the privileges that are currently available for a selected User. The privileges list may be sorted and searched by Name, Type, or Role.

Users - permissions list for example user

To remove Granted Permissions for a particular User, click the Disassociate (x-button) button under Actions. This launches a Remove Role dialog, asking you to confirm the disassociation.