Opereto supports three type of user roles as shown in the following table:


 User Role
 Description
admin
The administrator can do everything: view, add, modify and delete all entities in the system. Opereto comes with a built-in default account called admin. You cannot remove this account but is is recommended to change the default password (“adminpass”) to another after the first login and add the name, email and mobile number of the actual administrator.
user
User can do everything: view, add, modify and delete all entities in the system except the following:
add, edit or delete users (though he can change his credentials)
change system settings
agent
A user of type 'agent' can only view process details, add new processes and modify running processes. For security sake, we recommend that agents running on remote hosts will log in to Opereto center with a user of this role. 


Opereto policy requires that usernames and passwords will satisfy the following minimal requirements:

  • Username must contain at least three characters, start with a letter and include the following characters only: [a-zA-Z0-9-_].
  • Password must contain at least 8 characters.


User Properties


The user properties mechanism enables to override global parameters for a given user operations. For example, let us assume that some automation service in defined in Opereto that operates on AWS account are configured to read the access and secret keys from a global parameter called GLOBALS.aws_aceess_key and a parameter called GLOBALS.aws_secret_key that hold the access and secret keys values respectively. Now, let us assume that the Opereto system administrator wants to automatically direct some users to another AWS account so that they will keep using the same Opereto AWS services, for instance, to setup and teardown test environments but resources will be created in another AWS account. 


Opereto administrator may add the new account globals parameters, say GLOBALS.aws_aceess_key_2 and GLOBALS.aws_secret_key_2 and then add the following mapping to the relevant users:

{
    "GLOBALS.aws_access_key": "GLOBALS.aws_access_key_2",
    "GLOBALS.aws_secret_key": "GLOBALS.aws_secret_key_2"
}


In the same manner, every global parameter may be overridden per user so user behaviour may be changed without changing the automation services configuration of code.