Managing the Web Client
We at Nodinite designed the Web Client to enable self service for your business as well as being a portal for the administration of Nodinite using Role based security.
You must be a member of the Administrators role to manage Nodinite
Nodinite almost never forgets anything, a delete is not really a hard delete! Whenever a user deletes a record, for example an Endpoint, the endpoint is merely flagged as being deleted. A deleted item can be restored by an administrator. We at Nodinite designed for this behaviour because people make mistakes, for auditing and full access to the history of everything that has been recorded. We also use this information to provide long term statistics for you. Configuration data does not take that much space in the databases anyway and the benefits outperforms the downsides. You may wanna know what happened... and Nodinite gets it for you... Always Aware!
With Nodinite, Even if you delete something by accident, you can get it back
Do you care who reads and potentially further distributes content (like medical records, business transactions, ...) without leaving a single trace? Do you grant local admin rights to developers, your support and maintenance organization, consultants? With the role based access using Nodinite you can remotely fix problems from the Web Client and restrict/allow access to specific information and resources/services, all being audited. All this without anyone having direct access to servers and services, i.e. Do not let anyone and everyone be an administrator, you do not know what they do, or have access to (or maybe not even when).
All operations that you or any other user/service performs that changes information/data, and also some potentially sensitive operations like download or view messages are being logged into a tamper resistant Log Audits storage.
The Audit Log helps you avoid blame game discussions in many ways:
- By using the powerful remote actions available with Nodinite users do not need elevated rights directly on servers and cloud services
- If your users do not have access they can't disrupt services
- If someone changes anything using Nodinite you can later know who did what and when
Nodinite currently uses Windows Integrated Security and for your end-users to get access to the Web Client User Interface a Nodinite Administrator needs to register the end-users identity either as a User or part of a Windows Group and then add to appropriate Nodinite application Roles.
The policy is governed by a predefined Administrators Role
Users part of the Administrators role also has access to the Administration and full edit rights to manage the Repository Model.
A user part of the predefined Administrators role has access to additional menu items in the Web Client User Interface
Nodinite uses Role based security to grant Users access to Log Views and Monitor Views. Nodinite has a special predefined Administrators role that cannot be changed other than the associated list of Users and Groups.
Quick facts for a Role:
- A Role has a unique name
- There can be any number of Roles defined
- There can be any number of users associated with a Role
- Users can be members of many Roles
- There can be any number of Windows AD Groups associated with a Role
- Windows AD Groups can be members of many Roles
- Log Views
- Monitor Views
- Administrators Role - Members can perform all available operations within Nodinite
A User is an entity within Nodinite with the name of the Windows identity in the form
Domain\UserName. Only members of the Administrators Role can manage Users. A User that is not registered either by name or as part of a Windows AD Group is denied access to the Nodinite Web Client User Interface
and wil be prompted by the browser to provide valid Windows credentials.
Note: By default everything is disallowed and an Administrator must explicitly Allow or Deny what authenticated users can see and do.
Example of access rights for
nodinitedemo01\demouser for Log Views
Example of access rights for
nodinitedemo01\demouser for Monitor Views
A registered User that is not Administrator with no associations to either Log Views or Monitor Views is still granted logon rights (very limited Nodinite features available). Very much the same logical idea as the grant public in SQL databases.
Quick facts for a User:
- A User has a unique name
- There can be any number of Users defined
- A User can have an email address that will be honoured by the E-mail plugin when used in Monitor Views
- A Deny always wins
A Windows AD Group is an entity within Nodinite with the name of the Windows group in the form 'Domain\GroupName'. In essence
Quick facts for a Windows AD Group:
A Windows AD Group has a unique name
NOTE: There is no matching and if you later change the name of the group in Windows AD, Nodinite will have no idea about that effectively blocking the usage for members of the AD group until the name has been changed to match.
There can be any number of Windows AD Groups defined
Note: There is no matching and you are NOT allowed to use the built-in local administrators group
A Windows AD Group can be member of one or many Nodinite Roles
With Nodinite you have end to end logging of your workflows and you can be the hero providing custom built self service Log Views with the data your business needs/wants in a layout tailor made for the specific need at hand.
Mulesoft Anypoint, BizTalk
IBM Integration Bus, ...
Custom Logging Solutions]--- roLV[fal:fa-hdd Log Views
fal:fa-filter Filter and restrictions] roAudit[fal:fa-user-tag Log Audited operations] roLV --- roAudit
With the restrictions Nodinite provides you can even filter the returned data down to any detail level. You may not want to (or legally can) share everything, just because it's been logged, here are some examples:
- Anything on selected Endpoint
- All Orders
- All failed orders last month
- All orders to customer X
- Users are only allowed to search for approved invoices to supplier X with amount > 100$ no older than 3 days
- Find all orders missing its corresponding order response (yes, you get complex Ack/Nack management with Nodinite, we even top this with the ability to send you alerts when the order response has exceeded its configurable time threshold)
Nodinite supports the creation of Log Views where you can determine exactly what data to list, what columns and in what order, grouping options, various settings that affects what the user can do (view payload, download, resend, repair...) and of course for who.
- Provide self service Log Views for your business
- Manage access Users and Roles
- Manage Log Agents
- Manage Search Fields
- Manage Log Agents
- Manage Log Status Codes
With Nodinite you get end to end monitoring capabilities and a self service portal for your business and your support and maintenance team to solve problems from wherever they are. With Nodinite comes a plethora of Monitoring Agents custom built by us for the purpose of detecting problems and by providing remote actions you can swiftly resolve most matters instantly in a secure, audited way. Nodinite comes packed with functionality and a knowledgebase for better self service. The Repository Model is put to work and provides a faster self service experience.
Nodinite provides Monitor Views that you use to group related Resources, for example all dependencies for the Invoicing Integration flow.
Even a simple system integration solution has many Resources and dependencies that needs monitoring and the information is key for different stakeholders at different times.
Expected volume?] --> roFile end
An Administrator of Nodinite can provide role based Monitor Views. This means that the solutions may be partitioned and managed in a very fine-grained way. Any single user is only allowed to see explicitly allowed Resources, where also custom remote Remote Actions may be allowed (stop/start/...). Using Monitor Views in many cases removes the need for Remote Desktop Sessions and administrative privileges on servers.
Log Audits - Stay secure
The Monitoring capabilities of Nodinite is provided by the Monitoring Agents. These agents are setup as Monitoring Agents and are governed by the Monitoring Service The Monitoring Agents provide Resources with different set of states. User specific alerts are provided by configuring Monitor Views. Monitor is where you access and configure the Monitor Views.
There can be any number of Monitor Views defined.
- Manage Monitoring Agents
- Manage Monitor Views
- Manage Resources
- Manage Categories
- Manage Applications
- Manage Monitoring Agents
Review the System Parameters user guides for additional information
Beginning with Nodinite 5.1 and later even a Nodinite Administrator may be blocked from using Monitoring and Logging features.
Example where members of the built-in Administrators role is denied from accessing a specific Log View