PRTG Manual: System Administration—User Groups

To open the system administration, select Setup | System Administration from the main menu bar. Select the various tabs to change the different settings.

System Administration Bar

System Administration Bar

You can define the following aspects of your PRTG system setup:

icon-i-round-blueThis documentation refers to an administrator accessing the PRTG web interface on a master node. If you use other user accounts, interfaces, or failover nodes, you might not see all of the options in the way described here. If you use a cluster installation, note that failover nodes are read-only by default.

If you use PRTG on premises and open the system administration page from a different administration page, PRTG asks you to enter your credentials again for security reasons if 15 minutes (900 seconds) have passed since your last credential-based login. A dialog box appears. Enter your Login Name and Password for PRTG in the corresponding fields and confirm to continue.

You define access rights for monitoring objects, libraries, maps, and reports at user group level. This means that group membership determines what a user can do and which monitoring objects, libraries, maps, or reports they can see. This does not apply to read-only users, who always have only read access, no matter what access rights the user group they belong to has. You can define group access rights for each object in the object's settings.

User Groups Overview

The User Groups tab shows a list of all user groups in this PRTG installation and various types of information about each user group.

  • Object: The name of the user group. Click it to open its settings.
  • Type: The user group type, for example, a PRTG user group or an Active Directory group.
  • Members: All users that are a member of this user group.
  • Primary Group: All users that have this user group as their primary group.
  • Active Directory Group: The Active Directory group that the user group is connected to.

Add User Groups

  • To add a new user group to PRTG on premises or to PRTG hosted by Paessler, hover over plus_button and select Add User Group from the menu. The options are almost the same as for editing user groups.
  • To change a user group's settings, select it from the list by clicking the group name.
  • For each user group you create, PRTG automatically adds a new group in the device tree with the name [group_name] home.
  • For each user group you create, PRTG automatically adds a new email notification to the notification templates. It has the name Email to all members of group [group_name]. The new user group automatically has read access to the new notification template.
  • By default, there are no access rights defined on objects for a newly created user group. Initially, users in this user group do not see any objects in the device tree except the automatically created [group_name] home group for which they have write access. This does not apply if the new user group is an administrator group. Edit the settings of objects in your device tree, libraries, maps, or reports, and set access rights for the new user group in the Access Rights section.
    icon-i-round-blueThe easiest way to set access rights is in the root group settings and to use the inheritance of settings.

icon-i-round-blueThe multi-edit option is not available for the fixed user groups PRTG Administrators and PRTG Users Group.

icon-i-round-blueYou cannot delete fixed objects such as the PRTG System Administrator user account, the PRTG Users Group, or the PRTG Administrators group.

icon-i-round-redIf you want to delete an Active Directory group from PRTG, you have to delete all users that are in the user group first. This is because the Active Directory users have this user group as their primary group, and user accounts have to have a primary group.

User Group Settings

Setting

Description

User Group Name

Enter a name for the user group.

Administrative Rights

Define if user group members have administrative rights:

  • Give user group members administrative rights: Give administrative rights to all user group members.
    icon-i-round-blueIf you enable this option, all user group members have full access to all device tree objects, libraries, maps, reports, and the ticket system. In addition, they can manage user accounts and user groups, and they can change the monitoring configuration of PRTG.
  • Do not give user group members administrative rights: Access to device tree objects, libraries, maps, and reports for user group members are defined in an object's settings.

Homepage URL

Define the default homepage for users created within this user group. This is the page that the user sees after logging in or when clicking the Home button in the main menu. Enter a PRTG-internal web page.

icon-i-round-blueThis applies to new users that were either added via Active Directory Integration or using the Add Multiple Users option.

Active Directory Integration

Define if this user group is connected to a user group in your Active Directory:

  • Use Active Directory integration: Connect this user group to a user group in your Active Directory.
    icon-square-cyanFor detailed information, see Active Directory Integration.
  • Do not use Active Directory integration: Do not connect this user group to a user group in your Active Directory. Use local user accounts instead.

icon-i-round-redYou cannot change credentials for users that are members of an Active Directory group.

icon-prtg-on-demandThis option is not available in PRTG hosted by Paessler.

Active Directory Group

This setting is only visible if you enable Active Directory Integration above. Select the user group whose members can log in to PRTG using their Active Directory domain credentials from the dropdown menu. The according user accounts have the group access rights of the user group you just created.

icon-i-round-redYou need to configure a valid Active Directory domain in the System Administration—Core & Probes settings for user groups to appear in the dropdown menu.

icon-square-cyanFor detailed information, see Active Directory Integration.

If your Active Directory contains more than 1,000 entries in total, PRTG displays an input field instead of a dropdown menu. This is for performance reasons. In the input field, you can only enter the name of the user group in your Active Directory. PRTG then automatically adds the domain name prefix.

icon-i-round-bluePRTG caches the list of the user groups in your Active Directory for one hour. You can update this list earlier by manually clearing the cache via the Clear Caches button under System Administration—Administrative Tools.

icon-prtg-on-demandThis option is not available in PRTG hosted by Paessler.

User Type

This setting is only visible if you enable Active Directory Integration above. Define the default user access rights for all new users in this user group:

  • Read/write user: The user can view monitoring results, libraries, maps, reports, and also edit the according settings. In addition, they can add and delete objects, libraries, maps, and reports. The user can acknowledge alarms, edit notification templates, notification contacts, and schedules.
  • Read-only user: The user can only view monitoring results, libraries, maps, reports, and the according settings. The user can acknowledge alarms and change their own password if allowed. This is a good choice for public or semi-public logins.

icon-i-round-blueRead-only users cannot be members of groups with administrative rights.

icon-i-round-blueIf a user logs in to PRTG for the first time using Active Directory credentials, PRTG automatically creates a new, local user account for this user with the user type you define here.

Acknowledge Alarms

This setting is only visible if you enable Read-only user above. Acknowledging an alarm is an action that requires write access. However, you can explicitly allow the read-only user to acknowledge alarms. Choose between:

  • User can acknowledge alarms: Allow the read-only user to acknowledge alarms.
  • User cannot acknowledge alarms (default): Do not allow the read-only user to acknowledge alarms.

Allowed Sensors

Define if user group members can create all sensors or only specific sensors:

  • Users can create all sensors: No restrictions for group members apply.
  • Users can only create certain sensors: Select the allowed sensors from the list of available sensors.

Users Can Create These Sensors

This setting is only visible if you enable Users can only create certain sensors above. A list of all available sensors is shown. Select the sensors that user group members can create by adding check marks in front of the respective sensor name. You can also select all items or cancel the selection by using the check box in the table header.

icon-i-round-bluePRTG displays sensors that are in use in bold print.

icon-i-round-blueThis setting does not apply when a user group member runs an auto-discovery. The auto-discovery adds all sensors that are defined in the used device templates. This setting does also not apply when a user group member adds recommended sensors.

Ticket System Access

Define if user group members can use the ticket system:

  • Users can use the ticket system: Users in this user group can read, create, assign, and modify tickets.
    icon-i-round-blueGroup members that are read-only users never have access to the ticket system.
  • Users cannot use the ticket system: The Tickets menu item in the main menu bar is not visible to users in this user group.

Group Members

Setting

Description

Members

This setting is only visible if you disable Active Directory Integration above. Define which local user accounts are members of this user group. To add a user account from the list, add a check mark in front of the user name. The available user accounts depend on your setup.

Primary Group Users

Setting

Description

User List

Shows a list of all user accounts that have this user group as their primary group. This is only shown for your information. You can change the primary group of a user account in the user account's settings.