<%NUMBERING1%>.<%NUMBERING2%>.<%NUMBERING3%> PRTG Manual: User Access Rights

Define which user can access what in your PRTG Network Monitor installation and manage all user rights with the access rights system of PRTG.

The default administrator can be the only user of a PRTG installation, but can also create a nearly unlimited number of other users. Individual users are organized in a nearly unlimited number of user groups. Each user group can separately have access rights for each individual object in your PRTG device tree (except for sensor channels). Objects can also inherit access rights according to the hierarchic structure of the device tree.

In addition, every user has specific rights: There are administrator users, read/write users, and read-only users. You can define these settings in System Administration—User Accounts. Via these tools, you can create an access rights management that allows you to specify exactly what users will be able to see and edit and what they will not be able to access.

User Rights in User Account Settings

User Rights in User Account Settings

Individual user rights, in combination with the access rights of the group(s) they belong to, determine the access rights to certain objects in the device tree. This means that group membership specifically determines what a user is allowed to do and which objects the user will see when logged in.

The actual access rights for each object in the device tree can be defined in the object's settings. You can define different access rights for all sensors, devices, groups, or probes via the corresponding Context Menus or in the Object Settings.

Access Rights Overview

The following classes of access rights for objects are available in hierarchical order as they can be given to user groups (lowest rights to highest rights):

  • None: The object will not be displayed to the users of the group; no logs, no tickets, no alarms regarding this object will appear.
  • Read: You can only see monitoring results and change your own password if allowed by your administrator.
  • Write: You are allowed to review monitoring results and edit settings. In addition, you can add objects to and delete them from the device tree.
  • Full: Review monitoring results, edit settings, and edit access rights. In addition, you can add objects to and delete them from the device tree.
  • Admin rights: If a user group has administrator rights, all options are available, including creating users, creating user groups, and deleting objects from the device tree. Users in the administrator user group always have maximum access rights to all objects and will never have access restrictions.

icon-i-roundAccess rights that are defined locally on an object, for example, on a device, override inherited rights. For a certain object, the highest directly defined access right applies for a user group. If there is no access right set directly on an object, the next higher object level will be checked for access rights. This process is repeated until defined access rights are found to be inherited or there is no higher object level.

Different Access Rights for a Firewall in the Device Tree Depending on User Groups

Different Access Rights for a Firewall in the Device Tree Depending on User Groups

Please see the table below for which user rights apply when. Column headings show access rights of user groups for objects in the device tree; line headings show the type of user.

icon-i-round-redUsers are either members in PRTG user groups or in Active Directory Domain user groups. They cannot be members in both. We recommend that you use only one type of user group (either PRTG or Active Directory) to minimize your administration effort.


  • PRTG User Group
  • Domain User Group  
  • PRTG User Group
  • Domain User Group
  • PRTG User Group
  • Domain User Group
  • PRTG System Administrator
  • Domain Administrator

Read Access

Read/Write Access

Full Access

 

  • PRTG User Read Only
  • Domain User Read Only

Read-only rights

Read-only rights

Read-only rights

Admin rights

  • PRTG User Read/Write
  • Domain User Read/Write

Read-only rights

Read/write rights

Full access

Admin rights

  • Users in an administrator group always have administrator access rights, no matter what access rights have been defined for an object.
  • Read-only users just have reading permission, no matter what access rights their group has. Users who are members of an administrator group are an exception. Read-only users can change their own passwords in their user account settings, if the administrator has enabled them to do so.
  • Read/write users in a group with full access to a given object have full access rights to this object only.
  • If a user is in more than one group, access rights of the user group with the highest rights apply .
  • Administrator rights can only be granted by membership in the administrator group.

icon-book-arrowsFor more information about defining access rights, please see the following sections:

icon-book-arrowsFor information about connecting PRTG to an existing Active Directory, see Active Directory Integration.

 

Understanding Basic Concepts—Topics

Keywords: User Access Rights