User Management: Difference between revisions

From VoIPmonitor.org
Jump to navigation Jump to search
No edit summary
No edit summary
 
(6 intermediate revisions by 2 users not shown)
Line 1: Line 1:
VoIP monitor allows users to define multiple user accounts with different rights. If no user is defined, the user admin with password admin is active. Once there is one user defined, the admin/admin account no longer exists so be careful that you create full admin user before you log out from admin/admin. If your session expires in web browser (default PHP settings are set at around two hours)  the WEB GUI will prompt you for re-log in. Users are saved in database table users. If you cannot log in delete all users.
{{DISPLAYTITLE:User Management and Permissions}}


echo “delete from users” | mysql voipmonitor
'''This guide provides a comprehensive overview of how to create and manage user accounts, permissions, and access restrictions within the VoIPmonitor web GUI.'''


= Creating new user =
== Introduction to User Management ==
VoIPmonitor allows you to create multiple user accounts, each with a specific set of permissions and data access restrictions. This is essential for providing secure, role-based access to your call data.


Click on New user button and fill the New user form. Then click on Save.  
'''Important Default Behavior:'''
[[File:userform.png|User Management Formular]]
*A fresh VoIPmonitor installation starts with a single default user: '''admin''' with the password '''admin'''.*
*The moment you create your '''first new user''', this default `admin/admin` account is '''automatically deleted'''.
*'''Golden Rule:''' Your very first action should be to create a new, personal administrator account with a strong password. If you create a non-admin user first and log out, you will lose administrative access to the GUI.


* Login name + Password are used for logging in to the WEB GUI
== How to Create or Edit a User ==
* Is administrator – has rights to create/delete/modify users and to all features
All user management is done by navigating to '''Settings -> Users'''.
* Can listen – user can listen to WAV or can download WAV files
*To create a new user, click the '''New user''' button.
* Can download PCAP user can download PCAP file
*To edit an existing user, click the pencil icon next to their username in the list.
* Remove RTP from PCAP – if user clicks on PCAP download the RTP stream will be removed from the PCAP file (but still remains on disk)  
 
* Simple CDR – user views only simple CDR layout without QoS metrics. This is useful for users who want to see a basic CDR overview and wants to listen to calls (callcenters, etc.).  
Changes made to a user's permissions will only take effect after that user logs out and logs back in.
* Dynamic CDR title – make date filter hidden and modify on click (better is to leave this not enabled)
 
* Enable tracker - enable internal ticket system to user
[[File:userform.png|The New/Edit User form where all permissions and restrictions are configured.]]
* Enable active calls - enable active calls to user
 
* Enable register - enable register section to user
== Understanding User Permissions ==
* Enable live sniffer - enable live sniffer to user
User permissions are divided into two main levels, controlled by a single checkbox.
* Enable capture rules - enable capture rules section to user
 
* Enable audit - enable User audit to user (to see logs)
=== Administrator vs. Standard User ===
* Enable edit alerts - allow edit alerts in reporting section
;<code>Is administrator</code>
* Enable show sent alerts - allow viewing sent alerts
:This is the most important permission.
* Enable local share CDR - allow sharing CDR
:*'''Checked (Admin):''' The user has full, unrestricted access to all GUI features, including creating other users, configuring sensors, and viewing all call data.
* Enable share.voipmonitor.org - allow share CDR to public share.voipmonitor.org service
:*'''Unchecked (Standard User):''' The user has limited access. They cannot see the "Settings" menu, and their view of call data can be restricted based on the settings below.
* IP addresses – list of allowed IP addresses or IP networks to see by user. This option allows users to view only certain CDR. The list of IP addresses isdelimited by new line.
 
* Tel. Numbers – list of allowed telephone numbers. To restrict user to an area code use '%' - for example, to view all numbers beginning with the area code 222, type 222%.  
=== Feature and Data Access Permissions ===
* Note - user note like description etc.
These checkboxes control a user's access to specific features and data types.
 
==== Core Data Access ====
;<code>Can download PCAP</code>
:Allows the user to download the full network packet capture for a call.
;<code>Can listen</code>
:Allows the user to play or download the audio recording (WAV/OGG) of a call.
;<code>Remove RTP from PCAP</code>
:A security feature. If a user with this permission downloads a PCAP, the audio portion (RTP stream) will be automatically stripped from the file, leaving only the signaling data (SIP).
 
==== GUI Feature Access ====
;<code>Simple CDR</code>
:Hides advanced QoS and network metrics from the CDR view. This is ideal for users (e.g., in a call center) who only need to see basic call information and listen to recordings.
;<code>Enable capture rules</code>
:Allows the user to view and manage call recording rules.
;<code>Enable alerts</code>
:Allows the user to create, edit, and view alerts in the reporting section.
;<code>Enable audit</code>
:Grants access to the Audit Log, which tracks actions taken by other users.
;''And others:'' Permissions like `Enable active calls`, `Enable register`, and `Enable live sniffer` grant access to their respective sections in the GUI.
 
==== Sharing Permissions ====
;<code>Enable local share CDR</code>
:Allows the user to generate a shareable link for a specific call that can be viewed by others within your organization.
;<code>Enable share.voipmonitor.org</code>
:Allows the user to share a call publicly via the voipmonitor.org sharing service.
 
== Restricting User Access to Call Data ==
For standard (non-admin) users, it is crucial to restrict which calls they are allowed to see. This is done using three primary methods on the user's edit page.
 
=== 1. Restriction by IP Address ===
The '''IP addresses''' text box allows you to limit a user to seeing only calls that involve specific IP addresses or subnets.
*Enter one IP address or CIDR network per line (e.g., `192.168.1.10` or `10.0.0.0/8`).
*The user will only see calls where either the source or destination IP address matches an entry in this list.
 
=== 2. Restriction by Telephone Number ===
The '''Tel. Numbers''' text box limits a user based on the caller or called number.
*Enter one number or prefix per line.
*You can use the `%` character as a wildcard. For example, `4420%` will allow the user to see all calls to or from numbers starting with `4420`.
 
=== 3. Restriction by Sensor ===
By default, all users can see calls from all sensors. In a multi-sensor deployment, you can restrict a user to data from specific sensors.
*Click the '''Sensors''' tab on the user's edit page.
*Check the boxes next to the only sensors this user should be able to see data from.
 
[[File:Usersensors.png|The Sensors tab allows you to assign specific data sources to a user.]]
 
== Emergency: Recovering a Lost Admin Password ==
If you have lost access to all administrator accounts, you cannot reset passwords through the GUI. You must perform an emergency reset directly in the database.
 
'''Warning:''' These commands directly modify your database. Proceed with caution.
 
=== Option A: Delete All Users (Clean Slate) ===
This command will delete '''all''' user accounts, resetting the GUI to its initial state where the `admin/admin` user is active.
<pre>
echo "DELETE FROM users;" | mysql voipmonitor
</pre>
You can then log in with `admin/admin` and recreate your user accounts.
 
=== Option B: Add a Temporary Admin User ===
This command inserts a new, temporary user named '''test''' with the password '''testtest''' and full administrator rights.
<pre>
echo "INSERT INTO users SET username='test', name='test', password=MD5('testtest'), is_admin=1;" | mysql voipmonitor
</pre>
After running this, log in as `test/testtest`, reset the password of your original admin account, and then '''immediately delete the temporary `test` user''' from within the GUI.
 
== AI Summary for RAG ==
'''Summary:''' This guide provides a comprehensive overview of user management in the VoIPmonitor GUI. It begins by explaining the default `admin/admin` account and the critical rule that it is deleted upon the creation of the first new user. The guide details the process of creating and editing users under "Settings -> Users" and explains the key permission fields, distinguishing between an "Is administrator" account and a standard user. It covers permissions for data access (PCAP, audio), feature access (simple CDR, alerts, audit log), and sharing. A major section is dedicated to restricting user access to specific calls, detailing how to filter a user's view by IP address, telephone number prefix, and by specific sensors in a multi-sensor deployment. Finally, it provides two emergency command-line procedures for recovering lost admin access by directly modifying the database: one to delete all users and reset to default, and another to insert a temporary admin account.
'''Keywords:''' user management, users, permissions, rights, access control, administrator, admin, standard user, restrict, filter, IP address, telephone number, sensor, password reset, lost password, `DELETE FROM users`
'''Key Questions:'''
* How do I create a new user in VoIPmonitor?
* What is the difference between an admin and a standard user?
* How can I restrict a user to only see calls from a specific customer or IP range?
* How can I limit a user's access to only certain sensors?
* What do the permissions like "Simple CDR" or "Can download PCAP" do?
* I lost my admin password, how can I get back into the GUI?
* What is the default username and password for VoIPmonitor?

Latest revision as of 23:46, 30 June 2025


This guide provides a comprehensive overview of how to create and manage user accounts, permissions, and access restrictions within the VoIPmonitor web GUI.

Introduction to User Management

VoIPmonitor allows you to create multiple user accounts, each with a specific set of permissions and data access restrictions. This is essential for providing secure, role-based access to your call data.

Important Default Behavior:

  • A fresh VoIPmonitor installation starts with a single default user: admin with the password admin.*
  • The moment you create your first new user, this default `admin/admin` account is automatically deleted.
  • Golden Rule: Your very first action should be to create a new, personal administrator account with a strong password. If you create a non-admin user first and log out, you will lose administrative access to the GUI.

How to Create or Edit a User

All user management is done by navigating to Settings -> Users.

  • To create a new user, click the New user button.
  • To edit an existing user, click the pencil icon next to their username in the list.

Changes made to a user's permissions will only take effect after that user logs out and logs back in.

The New/Edit User form where all permissions and restrictions are configured.

Understanding User Permissions

User permissions are divided into two main levels, controlled by a single checkbox.

Administrator vs. Standard User

Is administrator
This is the most important permission.
  • Checked (Admin): The user has full, unrestricted access to all GUI features, including creating other users, configuring sensors, and viewing all call data.
  • Unchecked (Standard User): The user has limited access. They cannot see the "Settings" menu, and their view of call data can be restricted based on the settings below.

Feature and Data Access Permissions

These checkboxes control a user's access to specific features and data types.

Core Data Access

Can download PCAP
Allows the user to download the full network packet capture for a call.
Can listen
Allows the user to play or download the audio recording (WAV/OGG) of a call.
Remove RTP from PCAP
A security feature. If a user with this permission downloads a PCAP, the audio portion (RTP stream) will be automatically stripped from the file, leaving only the signaling data (SIP).

GUI Feature Access

Simple CDR
Hides advanced QoS and network metrics from the CDR view. This is ideal for users (e.g., in a call center) who only need to see basic call information and listen to recordings.
Enable capture rules
Allows the user to view and manage call recording rules.
Enable alerts
Allows the user to create, edit, and view alerts in the reporting section.
Enable audit
Grants access to the Audit Log, which tracks actions taken by other users.
And others: Permissions like `Enable active calls`, `Enable register`, and `Enable live sniffer` grant access to their respective sections in the GUI.

Sharing Permissions

Enable local share CDR
Allows the user to generate a shareable link for a specific call that can be viewed by others within your organization.
Enable share.voipmonitor.org
Allows the user to share a call publicly via the voipmonitor.org sharing service.

Restricting User Access to Call Data

For standard (non-admin) users, it is crucial to restrict which calls they are allowed to see. This is done using three primary methods on the user's edit page.

1. Restriction by IP Address

The IP addresses text box allows you to limit a user to seeing only calls that involve specific IP addresses or subnets.

  • Enter one IP address or CIDR network per line (e.g., `192.168.1.10` or `10.0.0.0/8`).
  • The user will only see calls where either the source or destination IP address matches an entry in this list.

2. Restriction by Telephone Number

The Tel. Numbers text box limits a user based on the caller or called number.

  • Enter one number or prefix per line.
  • You can use the `%` character as a wildcard. For example, `4420%` will allow the user to see all calls to or from numbers starting with `4420`.

3. Restriction by Sensor

By default, all users can see calls from all sensors. In a multi-sensor deployment, you can restrict a user to data from specific sensors.

  • Click the Sensors tab on the user's edit page.
  • Check the boxes next to the only sensors this user should be able to see data from.

The Sensors tab allows you to assign specific data sources to a user.

Emergency: Recovering a Lost Admin Password

If you have lost access to all administrator accounts, you cannot reset passwords through the GUI. You must perform an emergency reset directly in the database.

Warning: These commands directly modify your database. Proceed with caution.

Option A: Delete All Users (Clean Slate)

This command will delete all user accounts, resetting the GUI to its initial state where the `admin/admin` user is active. 

echo "DELETE FROM users;" | mysql voipmonitor

You can then log in with `admin/admin` and recreate your user accounts.

Option B: Add a Temporary Admin User

This command inserts a new, temporary user named test with the password testtest and full administrator rights. 

echo "INSERT INTO users SET username='test', name='test', password=MD5('testtest'), is_admin=1;" | mysql voipmonitor

After running this, log in as `test/testtest`, reset the password of your original admin account, and then immediately delete the temporary `test` user from within the GUI.

AI Summary for RAG

Summary: This guide provides a comprehensive overview of user management in the VoIPmonitor GUI. It begins by explaining the default `admin/admin` account and the critical rule that it is deleted upon the creation of the first new user. The guide details the process of creating and editing users under "Settings -> Users" and explains the key permission fields, distinguishing between an "Is administrator" account and a standard user. It covers permissions for data access (PCAP, audio), feature access (simple CDR, alerts, audit log), and sharing. A major section is dedicated to restricting user access to specific calls, detailing how to filter a user's view by IP address, telephone number prefix, and by specific sensors in a multi-sensor deployment. Finally, it provides two emergency command-line procedures for recovering lost admin access by directly modifying the database: one to delete all users and reset to default, and another to insert a temporary admin account. Keywords: user management, users, permissions, rights, access control, administrator, admin, standard user, restrict, filter, IP address, telephone number, sensor, password reset, lost password, `DELETE FROM users` Key Questions:

  • How do I create a new user in VoIPmonitor?
  • What is the difference between an admin and a standard user?
  • How can I restrict a user to only see calls from a specific customer or IP range?
  • How can I limit a user's access to only certain sensors?
  • What do the permissions like "Simple CDR" or "Can download PCAP" do?
  • I lost my admin password, how can I get back into the GUI?
  • What is the default username and password for VoIPmonitor?
Retrieved from "https://www.voipmonitor.org//doc/index.php?title=User_Management&oldid=5509"