- Overview
- Adding Users
- Limiting Group Access/Computer Access
- Viewing Permissions
- Grouping Users
- Document Revision History
Overview
Every person that will be using the LabTech Control Center should have an assigned, unique login. This not only allows you to lock down user permissions based on the roles your technicians play but also provides a detailed audit trail of actions performed by every user in LabTech.
Adding Users
 |
TIP: Before adding users, if you already have users set up with like permissions, you can use the Copy User menu option. When this option is used, it will duplicate all of the settings except username, password and email. To use, expand Admin, then Users. Right-click on the user that you want to copy and select Users > Copy User. Complete the general information for the new user and make any necessary changes to the permissions and/or group membership and Save. |
General Information
- From the navigation tree in the Control Center, expand Admin.
- Right-click on Users and select Add New User from the menu that displays.
Figure 1: Add New User![Fig01 11.50.121UserAccess]()
Figure 2: Add a New User - General Settings![Fig02 11.50.121UserAccess]()
![Note]()
NOTE: Highlighted areas are required. - Enter the UserName. The user name is case sensitive when logging in to the Control Center.
- Enter the UserName and Confirm Password. This is also case sensitive.
- Enter the Email Address for the technician. This will be the email address that will be used for ticketing.
- Select the MAPI Profile to use to integrate into Outlook, if desired, for scheduling tasks, calendars and contacts. This will use the email address to locate the user's mailbox on the Exchange server. Select 'Default' to use the default profile, 'Outlook' to select the Outlook profile or leave it at the default of 'Disable' to disable any integration.
- Select the Allow Status Customization checkbox for this user to customize the status gauges for clients. For more information, please refer to the Status Gauges documentation.
- Select the Allow Navigation Menu Customization checkbox to allow this user to make changes to the navigation menus in the Control Center. For more information, please refer to the Navigation Menus documentation.
- Select the Ticket Level for this user. Ticket Level defines what tickets the user can see. All new tickets default to 'Start'. If the ticket is elevated, it moves up one level (second) and then to third, and so on. Users can only see tickets that are the same level as what is indicated in the Ticket Level field unless they have the Supervisor checkbox selected. If this is selected, then they can see all tickets from their ticket level down. This excludes 'client' level tickets. Client level tickets are created when the In House Support Staff is selected on the Client screen. For additional information on ticketing and how it works, please refer to the Ticketing documentation.
- Enter the number of new tickets to display to the user in the New Tickets field. 0 = unlimited. The oldest tickets are displayed first. New tickets are defined as tickets that have not been opened yet.
- Enter the number of open tickets to display to the user in the Open Tickets field. 0 = unlimited. The oldest tickets are displayed first.
- Select the Ticket Router checkbox if you want the user to have the ability to route tickets. When tickets are created they are not visible to other users until is assigned a client, with the exception of tickets created from monitors and agents. All other tickets will have to be assigned a client by a user that has the Ticket Router option selected. Ticket routers will not see new tickets that are already assigned.
- Select the Supervisor checkbox if you want the user to have the ability to see tickets of their level and lower, excluding level 0 tickets. As explained earlier, 0 level tickets are meant to be seen and worked by your client and will only be seen by your technician when they are elevated. These can only be created at level 0 from the agent computer when the client has In-House Support selected.
- Select the Logout Report checkbox if you want a report to display when a technician logs off to remind them to enter their time. This is a Crystal Report that will show timers, tickets and time entries for the day. Most facilities will want to edit these reports to suit their needs.
- Select the Login Report checkbox if you want a report to display when a technician logs in to remind them of things to do today. This is a Crystal Report that will show timers, tickets and time entries for the day. Most facilities will want to edit these reports to suit their needs.
- When you have completed the above steps proceed to the next section, Setting Permissions to set up permissions for this user.
![Note]()
NOTE: If you click Save, without entering permissions you will receive a warning that this user will not be able to log in without permissions set and the window will close. You will need to right-click on the user name from the navigation tree and select Modify User, to then apply permissions.
Setting Permissions
Permissions in the LabTech system are class-based. Permissions are set for the user class and the users are members of various classes. The permissions that apply to a user are accumulative so if one user class gives edit access and the other user class has delete access, then the user would have both edit and delete access.
Permissions must be granted before a user can log in to the Control Center and to access certain features of LabTech. Refer to the following tables to see the descriptions for each field and the default permissions for the default user classes.
 |
IMPORTANT: The recommendation is to change the Admin password as soon as you can and changing all technicians' passwords every 45 days. Passwords should be strong. |
Figure 3: User Access - Permissions
 |
NOTE: If this is the first time assigning permissions to this user, you will not see any User Classes assigned when you open the Permissions tab. |
Table 1: Permissions Field Descriptions
| Field | Description |
| Templates | Users can be granted read, edit and delete access to templates. In most cases, technicians will not need access to templates. |
| Clients | Users can be granted read, edit and delete access to the clients they have access to. |
| Reports | Users can be granted read, edit and delete access to reports and dataviews. If users are not given read access, they will not see a Reports option on the navigation tree or in the Web Control Center. |
| Contacts | Users can be granted read, edit and delete access to contacts they have access to. |
| Users | Users can be granted read, edit and delete access to user accounts. It is recommended that user access be given only to those creating accounts. |
| Tools | Users can be granted read, edit and delete access to custom commands and tools. If users are not given read access, it will display on the navigation tree but the user will not have access to it. |
| Scripts | Users can be granted read/schedule, edit and delete access to scripts. If users are not given read access, it will display on the navigation screen but the user will not have access to it. |
| Super Admin | Bypasses all permissions and group permissions. Also, makes the user a Super Admin in the MySQL server. Do NOT give Allow Web Access to Super Admins, as it can create a security risk. |
| System Config | Allows user to edit the LabTech configuration, includes the Dashboard > Config tab. |
| Security Class Config | Allows user to edit the permissions of groups, clients and classes. Also, enables editing of class permissions. |
| Timekeeping | Allows user access to time entry and active time slips. Requires Work on Tickets to be selected for full functionality. |
| Work with Tickets | Allows the user to work on tickets. |
| Shared Hyperlinks | If selected, it allows the user to store hyperlinks in the LabTech database that can be accessed from the navigation tree in the Control Center or through the API. Synchronizes the LabTech folder in the user's favorites in Internet Explorer. |
| Manage Groups | Allows the user to edit group information and allows the user to see all computers in the system. |
| Time & Timers | When selected, the Dashboard > Time tab will be accessible to this user. |
| Manager | When selected, the Dashboard > Management tab will be accessible to this user. |
| Ticketing | When selected, the Dashboard > Ticketing tab will be accessible to the user. |
| Trending | When selected, the Dashboard > Trending tab will be accessible to the user. |
| Overview | When selected, the Dashboard > Overview tab will be accessible to the user. |
| Command Level Limit | Limits the user's ability to only send commands (that are equal to or lower than what is set in this field) to a computer that they have access to. Command levels are configured in Dashboard > Management > Remote Commands. This field will default to 'highest' allowing this user to send all commands for computers they have access to. Available options are lowest, one, two, three and highest. |
| Auditing Level | Most actions performed in LabTech can be audited. Auditing is performed by checking the user's auditing level and comparing that to the action levels you have determined (Dashboard > Management > Auditing) and if it is equal to or lower than, it will audit the action. The default auditing level is set to 'none'. Available options are: 0= Nothing, 1=Critical, 2=Significant, 3= Informational, 4=Normal and 5=Everything. |
| Allow Web Access | When selected, this will allow the user to connect to the Web Control Center. Do NOT give Super Admin web access, as this can create a security risk. |
| Allow HTTP Tunnel | When selected, it allows the user to connect to the LabTech Control Center via an HTTP://FQDN address on port 80 instead of requiring a VPN and L: drive mappings for remote connectivity. |
| Ticket Based Security | When selected, this will limit this user's access to just the computers and clients that have open tickets, for the computers and clients that are assigned to this user. |
The default permissions associated with the default user classes are shown below.
Table 2: User Classes - Default Permissions
| Class Permissions | User Classes | |||||||
| Accntng |
Admin |
Power Users | Quick Connect | Security Config | Super Admin | System Config | Users | |
| Templates | ||||||||
| Read | X | X | X | |||||
| Edit | X | X | ||||||
| Delete | X | X | X | |||||
| Clients | ||||||||
| Read | X | X | X | X | ||||
| Edit | X | X | ||||||
| Delete | X | X | ||||||
| Reports | ||||||||
| Read | X | X | X | X | ||||
| Edit | X | |||||||
| Delete | X | X | ||||||
| Contacts | ||||||||
| Read | X | X | X | X | ||||
| Edit | X | X | ||||||
| Delete | X | X | X | |||||
| Users | ||||||||
| Read | X | |||||||
| Edit | X | |||||||
| Delete | X | X | ||||||
| Tools | ||||||||
| Read | X | X | X | |||||
| Edit | X | X | ||||||
| Delete | X | X | X | |||||
| Scripts | ||||||||
| Read | X | X | X | |||||
| Edit | X | X | ||||||
| Delete | X | X | X | |||||
| Super Admin | X | |||||||
| System Config | X | |||||||
| Security Class Config | X | |||||||
| Timekeeping | X | X | X | X | ||||
| Work with Tickets | X | X | X | X | ||||
| Shared Hyperlinks | X | X | X | |||||
| Manage Groups | X | X | ||||||
| Dashboard & Management Settings | ||||||||
| Time & Timers | X | X | X | |||||
| Manager | X | X | X | |||||
| Ticketing | X | X | X | |||||
| Trending | X | X | ||||||
| Overview | X | X | X | |||||
| Allow Web Access | ||||||||
| Allow HTTP Tunnel | ||||||||
| Ticket Based Security | ||||||||
To assign permissions to a user, follow the steps listed below.
- From the navigation tree of the Control Center, right-click on the user that needs permissions granted, and select Modify User.
- Click on the Permissions tab.
- Right-click on the User Classes section. This will bring up a menu with several options.
Figure 4: Permissions - User Classes
There are several default User Classes you can select from or you can create your own. Refer to Table 2: User Classes - Default Permissions earlier in this section for the default permissions for each user class. If the default user classes and permissions do not meet your needs, refer to the following section Adding New User Classes for additional information. Otherwise, continue to step four.
- Click on the desired user class for this user. The user class will immediately display in the User Classes section. Repeat steps 3-4 for each additional user class. To remove a user class from a user, double-click on it.
![Note]()
NOTE: You can modify existing user classes, by selecting or deselecting the various effective permissions and Dashboard and Management settings. You must change the user in some manner (e.g., turn a permission off and back on or vice-versa) to activate the Save button. Once you have made the changes, click Save Class and then Save. All users that have the user class assigned to them will get these new permissions. - Select the components of the Dashboard that should be accessible to this user, in the Dashboard and Management Settings.
- Select the Command Level Limit from the drop-down list. Available options are lowest, one, two, three and highest.
- Select the Auditing Level from the drop-down list. The auditing level determines what will be audited for the user. Available options are 0= Nothing, 1=Critical, 2=Significant, 3= Informational, 4=Normal, 5=Everything.
- Select the Allow Web Access checkbox if you want this user to have access to the Web Control Center.
![Stop!]()
STOP! Do not select the Allow Web Access checkbox if this is a super admin user, as this can create a security risk. - Select the Allow HTTP Tunnel checkbox if you want this user to be able to connect to the HTTP Tunnel with the Control Center.
- Select the Ticket Based Security checkbox if you want to limit this user's access to just the assigned computers and clients that have open tickets.
- When you have completed the above steps proceed to the next section, Setting Group and Client Access to set up group/client permissions for this user.
Adding New User Classes
- If you find that the default user classes and default permissions do not fit your needs, you can create new user classes.
- To create a new user class, right-click on any user from the navigation tree of the Control Center. Select Modify User from the menu that displays.
- Click on the Permissions tab.
- Right-click in the User Classes section. Select Add New Class from the menu that displays.
- You will be prompted to enter the user group name. Enter an appropriate name that will describe the group and click OK.
- The new user class will immediately display in the User Classes section. Assign the desired access and click Save Class to save the user class and then Save again to close the window. This user class will now be available when you right-click on the User Classes section.
Renaming User Classes
- To rename an existing user class, right-click on any user from the navigation tree of the Control Center. Select Modify User from the menu that displays.
- Click on the Permissions tab.
- Select the user class you want to rename and right-click. Select Rename Class from the menu that displays.
- Enter the new name and click Save. Changes will not take effect until you have saved.
Deleting User Classes
- To delete an existing user class, right-click on any user from the navigation tree of the Control Center. Select Modify User from the menu that displays.
- Click on the Permissions tab.
- Select the user class you want to delete and right-click. Select Delete Class from the menu that displays. If this user class is associated with any user, group or client you will not be able to delete it until all those references are removed. If this user class is not associated with any user, group or client, it will be immediately deleted and will no longer display on in the menu.
- Enter the new name and click Save. Changes will not take effect until you have saved.
Setting Group and Client Access
The Groups and Clients tab of the Users window enables you to limit access to any group that appears on the navigation tree in the Control Panel. Best practice is to keep each class set with as few of permissions, as possible and assign users to multiple classes. This allows you to easily identify what access a user has by the class name.
|
NOTE: Access granted in Groups and Clients also affects what access is given to the user for the Web Control Center. |
To set the group/client access for a user, follow the steps listed below.
- From the navigation tree of the Control Center, right-click on the user that needs permissions granted, and select Modify User.
- Click on the Groups and Clients tab.
Figure 5: User Access - Groups and Clients![Fig05 11.2012SP1.UserAccess]()
- The Primary Clients section allows you to limit the list of clients that can be seen on the navigation tree as well as the My Tickets view. Select the client(s) from the Available Clients list and use the arrows to move them (or double-click) to the Current List. Then, from the navigation tree, right-click on Clients and select Limit to Primary Clients. Using the above example, jdoe will only see the client, XYZ Computers. To see all clients again, just right-click on Clients from the navigation tree and select Limit to Primary Clients to remove the checkmark.
- The Available Groups will show all groups that you see on the navigation tree of the Control Center. Select the group(s) from the Available Groups and use the arrows to move them (or double-click) to Member Of to grant access to this user. To remove access to a group, select from Member Of and use the arrows to move them back to the Available Groups. If a user has not been granted access to any of the groups, those groups will not display on the navigation tree for that user. Using the above example, jdoe only has access to servers for XYZ Computers and will only see servers for XYZ.
![Note]()
NOTE: For both clients and groups, best practice is to give access to the top level group and not all of the sub-groups for a user (if giving access to all sub-groups). For example, instead of giving access to Agent Types.Laptops, Agent Types.Servers and Agent Types.Workstations, give access to Agent Types (the parent) to grant access to all agent types. - Click Save to save your settings.
Limiting Group Access/Computer Access
Regardless of the settings set on the Groups and Clients tab of the user configuration, permissions can be limited by group. For example, if the technician John Doe has been given access to the group, Agent Types.Laptops on the Groups and Clients tab this gives him access to every computer in this group. However, if there are select computers that you do not want John Doe to have access to; you can create a new group (e.g., Boss' laptop) and give it a group type of 'exclusion', then include John Doe in this exclusion group. He will have access to all laptops except for the computers in Boss' laptop group. For more information on group types, refer to the Groups documentation.
Viewing Permissions
You can easily view the permissions granted to a user. You can access by right-clicking on the user from the navigation tree and selecting Permissions or through the User Access window and clicking the View Permissions button.
Figure 6: User Permissions
This displays the navigation tree the way the user sees it. Click on any item in the navigation tree to see the permissions.
|
NOTE: User permissions are applied every 45 seconds and do not take effect immediately. |
Grouping Users
When users are added, they will automatically appear on the navigation tree of the Control Center under Admin. If you have a lot of users, it will become more difficult to find users. For better visualization and ease of finding users, it is recommended that you create folders to group like users together. This is only recommended if you have a lot of user accounts.
- To create a folder, right-click on Users on the navigation tree and select New Folder from the menu that displays.
Figure 7: Create New Folder![Fig07 11.50.121UserAccess]()
- Right-click on the new folder and select Rename Folder. Enter the desired name and press [enter] to accept.
|
NOTE: To delete a folder, right-click on the folder and select Delete Folder. You will be prompted to confirm. Click Yes to delete or no to cancel the removal. |
Document Revision History
| Date | Notes |
| 08/03/2011 | New |
| 01/20/2012 | Updated for 2012 release: Allow Status Customization and Allow Navigation Menu customization added. |
| 10/22/2012 | Added information for limiting client list to primary clients. |
| 02/05/2013 | Corrected Primary Clients information. |
