Platform: Managing Users - toddrob99/redball GitHub Wiki

User accounts are managed from the System Config page in the web interface.

Note: The default user id is admin and the default password is redball. Changing both the user id and password is highly recommended, especially if you will be making redball accessible from the Internet.

There is a form in the Users section of the System Config page which will allow authorized users to create a new user (rb_users_rw privilege required to create a user).

Enter the user id, password (with confirmation), and any additional fields you wish including name, email, and reddit user id. Select the privileges you want the new user to have, and click the Create button.

Navigate to the System Configuration page of the web interface, and locate the Users section. Click the Edit button on the record you wish to edit. Update the details and click Save.

In order to generate API keys, a user must have the rb_config_r* (ro or rw), rb_user_rw, and rb_apikeys_rw privileges.

Generate an API key for a given user, from the System Config page, by clicking the API button on the applicable user record. A warning will be displayed if the user already has an API key, because generating a new API key will overwrite the existing API key.

Users can change their own password by clicking the wrench next to their user id at the top-right of the screen while logged in.

Users with the rb_user_rw privilege can change another user's password on the System Config page, by clicking the Password button on the applicable user record. This will take the user to the Change Password screen, where they must enter their own password for confirmation, along with a new password for the target user (with confirmation).

The rb_web privilege is required for access to the web interface. Likewise, the rb_api privilege is required for access to the API. Even the rb_admin privilege does not provide access to the web interface or API by itself.

• rb_admin: Full access to all areas of the application (via api if rb_api is assigned and/or web interface if rb_web is assigned).
• rb_api: Allow access via api (api key required).
• rb_web': Allow access via web UI.
• rb_config_ro: Read-only access to system configuration.
• rb_config_rw: Full access to system configuration.
• rb_user_ro: Read-only access to users (requires rb_config_r*).
• rb_user_rw: Full access to manage users (requires rb_config_r*).
• rb_apikeys_ro: Read-only access to (masked) API keys (requires rb_config_r*).
• rb_apikeys_rw: Full access to API keys (requires rb_config_r*).
• rb_log_ro: Read-only access to logs.
• rb_log_rw: Full access to logs.
• rb_bot_create: Access to create a bot.
• rb_bot_all_ro: Read-only access to all bots.
• rb_bot_all_startstop: Access to start and stop all bots (includes read-only access).
• rb_bot_all_rw: Full access to all bots.

A set of privileges will be added for each bot. For example, when the first bot is created, with bot id 1, the following privileges will be made available:

• rb_bot_1_ro: Read-only access to all bots.
• rb_bot_1_startstop: Access to start and stop all bots (includes read-only access).
• rb_bot_1_rw: Full access to all bots.

The user who created the bot will be assigned the rb_bot_<botId>_rw privilege by default. All other users must be assigned the new privileges manually, as appropriate.

Keep in mind the rb_bot_all_* privileges apply to all bots, and privileges providing the most access will be honored. If a user has the rb_bot_all_ro and rb_bot_1_rw privileges, the user will have read-only access to all bots, but will have read-write to bot 1. If a user has the rb_bot_all_rw and rb_bot_1_ro privileges, the user will have read-write access to all bots, including bot id 1--the read-only privilege for bot id 1 is effectively useless in this case.

The privilege hierarchy is as follows:

ro < startstop < rw