In-App Configuration
Clicking on ‘Configuration’ in the Application Portal will bring you to the Mercury Configuration module. This module has the following sections, which will now appear on the navigation header:
- Users
- Search Users
- New User
- Login History
- Audit Permissions
- Roles
- Search Roles
- New Role
- API Keys
- Search API Keys
- Issue API Key
- Send Notification
- Bulletins
- Search Bulletins
- New Bulletin
Users
Users store identity information for a given operator, and also contain a list of assigned roles.
Creating a User
To create a user, click on ‘New User’. This will bring up the new user form that will let you enter the following information:
- Username, a unique account identifier
- Roles, a multi-select of all roles currently configured in Mercury
- Auth Type, LDAP or Local, if LDAP is selected, the following fields will be greyed out and auto-completed by your LDAP server
- First Name
- Last Name
- Disabled, will the user be prevented from logging in?
- Password, at least eight characters; there is no confirmation when setting the password from this page
Searching for Users
To search all current users, click on ‘Search Users’. This will allow you to enter the following criteria:
- First Name, user’s authentication first name
- Last Name, user’s authentication last name
- Username, user’s username
- Disabled, whether the user object has been disabled through Mercury
Modifying Users
To edit a user, click on their username from the search results.
This will be identical to the form shown when creating the user. If the user authenticated with LDAP, you will not be able to change certain fields; saving the user will update information from LDAP.
If you are changing between authentication types, note that an LDAP user with no password set will require a password before you can complete saving; if the user was formerly local and has a password, you will not be asked to enter one again.
When editing a local user, the password field will be optional: not filling it out will preserve the existing password, filling it out will change it.
Deleting Users
Users can only be deleted if they have not performed any operations, which link them to history entries.
Viewing User Login History
Clicking ‘Login History’ will bring you to a page allowing you to view the status of user Tokens. You can filter results by the user’s username, the remote IP address used to connect, and a date range. Login history will display when the user logged in, from what IP address, and when their session expired. If a session is not marked as expired, but expiration time has past, that means that the user did not click ‘Logout’; their session is still invalid and that Token cannot be used again.
Auditing Permissions
This page lets you search what users have the specified permission code. For example, if you enter in ‘settings’, the ‘local’ user should show up. Clicking the username will display a link to the edit-user form, and also links to all roles that user belongs to that grant that role; by default this should show ‘Administrator’.
Roles
Roles act as containers for permission codes.
Creating a role
Click ‘New Role’. The only required criteria for a role is a unique role name. You can optionally add any combination of configured permission codes.
Modifying a role
Select a role from the search results, make any changes to the form and save.
Deleting a role
A role may be deleted at any time, it will be unlinked from any users and permissions before being deleted.
API Keys (Secrets)
Issuing API Keys
Click ‘Issue API Key’ and give the key a name and optional permissions; anything typed into ‘Issued Key’ will be overwritten on creation.
Permissions are only required if the API key will be used by a user-less client, when a user authenticated with an application issued an API key, the user’s permissions will be used, not the key’s.
Notifications
Clicking ‘Send Notification’ will bring you to a form allowing you to manually send emails to users based on their assigned roles; a user will only receive the notification once, regardless of if they are part of multiple roles that were selected. Clicking ‘Send E-Mail’ will also send an email to the account they have on file, if one exists and if emailing has been enabled and configured in the Config.
Bulletins
Bulletins are messages that appear on the Application Portal above ‘Module Status’:
To create a bulletin, click ‘New Bulletin’ and fill in the following:
- Title, the title to be displayed in the bulletin header
- Type, Info will be green, Alert will be red
- Start Date, when the bulletin will start to appear
- End Date, when the bulletin will stop appearing (optional)
- Message, what the bulletin will say
- Roles, what roles will see the bulletin (will not be duplicated if a user is a member of multiple roles)
- Disabled, manually shut the bulletin off, regardless of End Date