[{"data":1,"prerenderedAt":398},["ShallowReactive",2],{"docs-administration-users-roles-orgs-":3,"docs-navigation":255},{"id":4,"title":5,"body":6,"dateModified":244,"datePublished":244,"description":245,"extension":246,"meta":247,"navigation":248,"path":250,"proficiencyLevel":251,"seo":252,"stem":253,"__hash__":254},"docs\u002Fdocs\u002F6.administration\u002F3.users-roles-orgs.md","Users, Roles, and Organisations",{"type":7,"value":8,"toc":234},"minimark",[9,13,17,22,29,40,49,53,56,72,75,79,82,137,146,150,153,156,160,163,173,176,180,200,204,207,214,220,223],[10,11,5],"h1",{"id":12},"users-roles-and-organisations",[14,15,16],"p",{},"Open-AudIT uses a role-based access control (RBAC) system to determine what a user can do and which devices they can see. It's flexible enough to model almost any organisational structure.",[18,19,21],"h2",{"id":20},"the-three-parts","The Three Parts",[14,23,24,28],{},[25,26,27],"strong",{},"Users"," — People with accounts in Open-AudIT. Each user has a list of Roles and Organisations assigned to them.",[14,30,31,34,35,39],{},[25,32,33],{},"Roles"," — Define ",[36,37,38],"em",{},"what"," a user can do (create, read, update, delete on different collections).",[14,41,42,34,45,48],{},[25,43,44],{},"Organisations (Orgs)",[36,46,47],{},"which"," devices and data a user can act on.",[18,50,52],{"id":51},"how-it-works","How It Works",[14,54,55],{},"When a user performs any operation, Open-AudIT checks two things:",[57,58,59,66],"ol",{},[60,61,62,65],"li",{},[25,63,64],{},"Role check"," — Does this user's role allow this action (e.g., creating a query)?",[60,67,68,71],{},[25,69,70],{},"Org check"," — Does this collection item belong to an org the user has access to?",[14,73,74],{},"Both must pass. A user might have the right role but still not see a device if it belongs to an org they don't have access to.",[18,76,78],{"id":77},"built-in-roles","Built-in Roles",[14,80,81],{},"Open-AudIT ships with three default roles:",[83,84,85,98],"table",{},[86,87,88],"thead",{},[89,90,91,95],"tr",{},[92,93,94],"th",{},"Role",[92,96,97],{},"Description",[99,100,101,113,127],"tbody",{},[89,102,103,110],{},[104,105,106],"td",{},[107,108,109],"code",{},"admin",[104,111,112],{},"Full access to global application settings — configuration, database, logs, roles, LDAP, etc.",[89,114,115,120],{},[104,116,117],{},[107,118,119],{},"org_admin",[104,121,122,123,126],{},"Can create, read, update, and delete items in any collection that has an ",[107,124,125],{},"org_id"," column. The right role for team leads managing devices, queries, groups, and users within their org.",[89,128,129,134],{},[104,130,131],{},[107,132,133],{},"user",[104,135,136],{},"Read-only access to most items within their permitted orgs.",[14,138,139,140,142,143,145],{},"A user can have multiple roles. Permissions are applied at the most permissive level — if a user has both ",[107,141,133],{}," and ",[107,144,119],{},", the org_admin permissions apply.",[18,147,149],{"id":148},"organisations","Organisations",[14,151,152],{},"Think of your org structure like a company org chart. Orgs can have parent–child relationships. If a user has access to a parent org, they automatically have access to all child (descendant) orgs too.",[14,154,155],{},"For some collections — dashboards, groups, queries, reports, summaries, widgets — users with access to a child org can also see items from parent orgs. This makes it easy to share global reporting templates while keeping device data separate.",[18,157,159],{"id":158},"example","Example",[14,161,162],{},"Imagine this structure:",[164,165,171],"pre",{"className":166,"code":168,"language":169,"meta":170},[167],"language-text","Default Org\n└── Company A\n    ├── Finance\n    └── Engineering\n","text","",[107,172,168],{"__ignoreMap":170},[14,174,175],{},"A user with access to \"Finance\" can see Finance devices only. A user with access to \"Company A\" can see all of Company A, Finance, and Engineering devices. An admin with access to \"Default Org\" can see everything.",[18,177,179],{"id":178},"creating-users","Creating Users",[57,181,182,188,191,194,197],{},[60,183,184,185],{},"Go to ",[25,186,187],{},"Menu → Admin → Users → Create Users",[60,189,190],{},"Set a username, name, email, and password",[60,192,193],{},"Assign one or more roles",[60,195,196],{},"Assign one or more organisations",[60,198,199],{},"Save",[18,201,203],{"id":202},"active-directory-and-ldap","Active Directory and LDAP",[14,205,206],{},"Open-AudIT integrates with Active Directory and OpenLDAP for authentication and authorisation. When configured, users don't need separate Open-AudIT accounts — they authenticate with their AD\u002FLDAP credentials.",[14,208,209,210,213],{},"Open-AudIT maps AD\u002FLDAP groups to Open-AudIT roles and orgs. A user must be a ",[36,211,212],{},"direct"," member of the relevant group for the mapping to take effect.",[14,215,216,217,219],{},"If LDAP is configured and a user isn't in LDAP (e.g., the local ",[107,218,109],{}," account), Open-AudIT falls back to local authentication automatically.",[14,221,222],{},"With LDAP fully configured for both authentication and authorisation, Open-AudIT will auto-create user accounts on first login — no pre-provisioning needed.",[14,224,225,226,233],{},"For setup instructions, see ",[227,228,232],"a",{"href":229,"rel":230},"https:\u002F\u002Fdocs.community.firstwave.com\u002Fwiki\u002Fspaces\u002FOA\u002Fpages\u002F3163947075\u002FHow-To+Guides",[231],"nofollow","How to Enable LDAP Authentication",".",{"title":170,"searchDepth":235,"depth":235,"links":236},2,[237,238,239,240,241,242,243],{"id":20,"depth":235,"text":21},{"id":51,"depth":235,"text":52},{"id":77,"depth":235,"text":78},{"id":148,"depth":235,"text":149},{"id":158,"depth":235,"text":159},{"id":178,"depth":235,"text":179},{"id":202,"depth":235,"text":203},"2026-04-10","Understand Open-AudIT's role-based access control system including users, roles, organisations, LDAP integration, and permission inheritance.","md",{},{"title":249},"Users, Roles & Orgs","\u002Fdocs\u002Fadministration\u002Fusers-roles-orgs","Intermediate",{"title":5,"description":245},"docs\u002F6.administration\u002F3.users-roles-orgs","TFyfXsgJ_uDLs3w2dAudzY7RazGJTsGynGbKM8Bi47U",[256],{"title":257,"path":258,"stem":259,"children":260},"Docs","\u002Fdocs","docs",[261,265,277,299,329,351,358,376,393],{"title":262,"path":258,"stem":263,"description":264},"Overview","docs\u002Findex","Guides to help you install, configure, and get the most out of Open-AudIT — a powerful network discovery, audit, and asset tracking system.",{"title":266,"path":267,"stem":268,"children":269,"description":271},"Getting Started","\u002Fdocs\u002Fgetting-started","docs\u002F1.getting-started\u002F1.index",[270,272],{"title":266,"path":267,"stem":268,"description":271},"Get from a fresh install to discovering devices on your network in under 10 minutes. This guide walks through each step in order.",{"title":273,"path":274,"stem":275,"description":276},"Activating Your License","\u002Fdocs\u002Fgetting-started\u002Factivating-your-license","docs\u002F1.getting-started\u002F2.activating-your-license","How to activate your free 100-device Open-AudIT Enterprise license after installation.",{"title":278,"path":279,"stem":280,"children":281,"description":283},"Installation","\u002Fdocs\u002Finstallation","docs\u002F2.installation\u002F1.index",[282,284,289,294],{"title":278,"path":279,"stem":280,"description":283},"Install or upgrade Open-AudIT on Windows Server or Linux. Includes virtual appliance option for the fastest setup.",{"title":285,"path":286,"stem":287,"description":288},"Server Requirements","\u002Fdocs\u002Finstallation\u002Fserver-requirements","docs\u002F2.installation\u002F2.server-requirements","Hardware, operating system, browser, and dependency requirements for running Open-AudIT.",{"title":290,"path":291,"stem":292,"description":293},"Install on Linux","\u002Fdocs\u002Finstallation\u002Finstall-linux","docs\u002F2.installation\u002F3.install-linux","Step-by-step guide to installing Open-AudIT on supported Linux distributions including Red Hat, Rocky Linux, Debian, and Ubuntu.",{"title":295,"path":296,"stem":297,"description":298},"Install on Windows","\u002Fdocs\u002Finstallation\u002Finstall-windows","docs\u002F2.installation\u002F4.install-windows","Step-by-step guide to installing Open-AudIT on Windows Server, including Nmap and Visual C++ prerequisites.",{"title":262,"path":300,"stem":301,"children":302,"description":304},"\u002Fdocs\u002Fdiscovery","docs\u002F3.discovery\u002F1.index",[303,305,310,315,320,324],{"title":262,"path":300,"stem":301,"description":304},"Discovery is how Open-AudIT finds and audits devices on your network. Learn about credentials, running scans, discovery types, and how it all works under the hood.",{"title":306,"path":307,"stem":308,"description":309},"Credentials","\u002Fdocs\u002Fdiscovery\u002Fcredentials","docs\u002F3.discovery\u002F2.credentials","Learn how to create and manage the credential sets Open-AudIT uses to authenticate with devices during network discovery.",{"title":311,"path":312,"stem":313,"description":314},"Running a Discovery","\u002Fdocs\u002Fdiscovery\u002Frunning-a-discovery","docs\u002F3.discovery\u002F3.running-a-discovery","Step-by-step guide to creating and running your first network discovery in Open-AudIT, including advanced options and scheduling.",{"title":316,"path":317,"stem":318,"description":319},"Discovery Types","\u002Fdocs\u002Fdiscovery\u002Fdiscovery-types","docs\u002F3.discovery\u002F4.discovery-types","Open-AudIT supports Subnet, Active Directory, and Seed discovery types. Learn when to use each and how they work.",{"title":52,"path":321,"stem":322,"description":323},"\u002Fdocs\u002Fdiscovery\u002Fhow-discovery-works","docs\u002F3.discovery\u002F5.how-discovery-works","A detailed look at what Open-AudIT does during a discovery — from Nmap scanning through credential testing, audit script execution, and data processing.",{"title":325,"path":326,"stem":327,"description":328},"Matching Devices","\u002Fdocs\u002Fdiscovery\u002Fmatching-devices","docs\u002F3.discovery\u002F6.matching-devices","How Open-AudIT decides whether a discovered device is new or already exists in the database, and how to configure match rules to avoid duplicates.",{"title":330,"path":331,"stem":332,"children":333,"description":335},"Reporting","\u002Fdocs\u002Freporting","docs\u002F4.reporting\u002F1.index",[334,336,341,346],{"title":330,"path":331,"stem":332,"description":335},"Open-AudIT gives you multiple ways to pull meaningful information out of collected data using Queries, Summaries, and Reports.",{"title":337,"path":338,"stem":339,"description":340},"Queries, Summaries & Reports","\u002Fdocs\u002Freporting\u002Fqueries-summaries-reports","docs\u002F4.reporting\u002F2.queries-summaries-reports","Understand the three types of reporting in Open-AudIT — Queries, Summaries, and Reports — how they differ, and how to use filters and permissions.",{"title":342,"path":343,"stem":344,"description":345},"Creating a Query","\u002Fdocs\u002Freporting\u002Fcreating-a-query","docs\u002F4.reporting\u002F3.creating-a-query","Learn how to write custom SQL queries in Open-AudIT to extract device information, with examples for common use cases like warranty tracking and open ports.",{"title":347,"path":348,"stem":349,"description":350},"Groups","\u002Fdocs\u002Freporting\u002Fgroups","docs\u002F4.reporting\u002F4.groups","Learn how to use Groups in Open-AudIT to create dynamic collections of devices for filtering reports, building dashboards, and baselining configurations.",{"title":352,"path":353,"stem":354,"children":355,"description":357},"Dashboards","\u002Fdocs\u002Fdashboards","docs\u002F5.dashboards\u002F1.index",[356],{"title":352,"path":353,"stem":354,"description":357},"Configure and customise Open-AudIT dashboards and widgets to create at-a-glance visual overviews of your network environment.",{"title":359,"path":360,"stem":361,"children":362,"description":364},"Administration","\u002Fdocs\u002Fadministration","docs\u002F6.administration\u002F1.index",[363,365,370,371],{"title":359,"path":360,"stem":361,"description":364},"Covers the ongoing administration of Open-AudIT including configuration, user management, permissions, and backup procedures.",{"title":366,"path":367,"stem":368,"description":369},"Configuration","\u002Fdocs\u002Fadministration\u002Fconfiguration","docs\u002F6.administration\u002F2.configuration","Key configuration settings in Open-AudIT covering discovery behaviour, change logging, data retention, and how to edit them.",{"title":249,"path":250,"stem":253,"description":245},{"title":372,"path":373,"stem":374,"description":375},"Backup & Restore","\u002Fdocs\u002Fadministration\u002Fbackup-restore","docs\u002F6.administration\u002F4.backup-restore","How to back up and restore your Open-AudIT database on Linux and Windows, including database reset procedures.",{"title":377,"path":378,"stem":379,"children":380,"description":382},"Troubleshooting","\u002Fdocs\u002Ftroubleshooting","docs\u002F7.troubleshooting\u002F1.index",[381,383,388],{"title":377,"path":378,"stem":379,"description":382},"General troubleshooting guidance for Open-AudIT covering discovery problems, common errors, and first steps for diagnosing issues.",{"title":384,"path":385,"stem":386,"description":387},"Common Errors","\u002Fdocs\u002Ftroubleshooting\u002Fcommon-errors","docs\u002F7.troubleshooting\u002F2.common-errors","Explanations and solutions for common Open-AudIT error messages including MySQL lock errors, LDAP issues, Apache problems, and license screens.",{"title":389,"path":390,"stem":391,"description":392},"Discovery Problems","\u002Fdocs\u002Ftroubleshooting\u002Fdiscovery-problems","docs\u002F7.troubleshooting\u002F3.discovery-problems","Troubleshoot Open-AudIT discovery issues including devices not found, duplicate records, Nmap problems, stuck queues, and cross-platform auditing.",{"title":394,"path":395,"stem":396,"description":397},"Release Notes","\u002Fdocs\u002Frelease-notes","docs\u002Frelease-notes","What's new in each Open-AudIT release — features, fixes, and improvements.",1779233235290]