User Management

This page covers user account administration in VoIPmonitor GUI, including creating users, assigning permissions, and configuring access controls.

Accessing User Management

Navigate to Users & Audit > Users in the GUI to manage user accounts.

User Types

Local Users

• Default authentication method using VoIPmonitor's internal database.
• Passwords are stored securely (hashed).
• Created and managed directly in the GUI.

External Authentication (LDAP/Custom Login)

• Integrate with LDAP/Active Directory using the custom login script.
• See Custom Login (LDAP) for configuration details.
• Important: The custom_login function must return a unique numeric id for each user.

Creating a New User

1. Go to Users & Audit > Users.
2. Click Add user.
3. Fill in required fields:
   • Username - Login name (must be unique).
   • Password - Strong password recommended.
   • Email - For alerts and password recovery.
   • Group - Assign to a permission group.
4. Configure permissions (see below).
5. Click Save.

User Permissions

Permissions control what users can access and modify. Set permissions via:

• User-level: Direct assignment on individual user.
• Group-level: Inherited from assigned group (recommended for easier management).

Permission Flags

Sensor Access Restrictions

Restrict users to specific sensors:

1. Edit user > Basic data tab.
2. In Enable sensors, select allowed sensor IDs.
3. Users will only see CDR from permitted sensors.

IP-Based Access Control

Restrict login to specific IP addresses:

1. Edit user > Secure users tab.
2. Enable Enable remote addresses.
3. Add allowed IP addresses/ranges.

CDR Data Restrictions

Restrict which CDR data users can view based on phone numbers, IP addresses, domains, and other criteria. These restrictions apply to both individual users and user groups.

Configuring Restrictions

1. Edit user or group > Click the restrictions tab.
2. Add filter criteria (e.g., phone numbers, IP addresses, domains).
3. Configure the boolean logic between restrictions (see below).

AND vs OR Logic Between Restrictions

By default, the system uses AND logic between all restrictions in the filter. This means a CDR record must match ALL conditions to be displayed to the user.

To use OR logic instead:

1. Navigate to the restrictions tab when editing a user or group.
2. Scroll to the bottom of the tab.
3. Check the OR condition checkbox.
4. Save your changes.

With OR logic enabled, a CDR record is displayed if it matches ANY of the configured restrictions.

Microsoft Sign-In Integration

For SSO with Microsoft Entra ID (Azure AD):

1. Edit user > Secure users tab.
2. Enter Microsoft Sign In emails to map the user.
3. See Microsoft_Sign_in_usage for full setup instructions.

Audit Logging

Track user actions for compliance (GDPR, HIPAA):

• GUI Audit: Enabled by default in Users & Audit > Audit.
• File-based Audit: Configure AUDIT_LOG_FILE in configuration.php.
• Per-user Audit Mode: Set Enable audit to auto or yes on individual users.

See Audit Log Configuration for details.

User Groups

Manage groups in Users & Audit > Groups:

• Define permission templates for multiple users.
• Assign users to groups for consistent access control.
• Changes to group permissions apply to all members.

Troubleshooting

User Cannot Log In

• Check IP restrictions in Secure users tab.
• Verify username/password (case-sensitive).
• Check if account is disabled.
• For LDAP: Test connection with php scripts/custom_login.php.

Permission Changes Not Taking Effect

• User must log out and log back in.
• Clear browser cache if issues persist.
• Verify group membership if using group permissions.

Dashboard Graphs Empty for Restricted Group Users

Symptom: A user assigned to a restricted group can access the VoIPmonitor GUI and load the Dashboard, but the graphs appear empty (no data points), whereas an unrestricted admin sees data correctly.

Root Cause: The user's group has IP address restrictions configured that prevent access to the required data sources. When a group is restricted to specific IP addresses, only CDR data matching those IPs are displayed in graphs and dashboards.

Solution:

1. Navigate to Users & Audit > Groups.
2. Edit the affected user group.
3. Click the restrictions tab.
4. Remove or adjust the IP address restrictions to allow access to the required data sources.
5. Save the changes.
6. Have the affected user refresh their browser to see updated data.

Forgot Admin Password

Reset password via database:

UPDATE users SET password = MD5('newpassword') WHERE username = 'admin';

Different Search Results Between Users With Identical Permissions

Symptom: Two users with the same GUI permissions see different results when searching for calls in the CDR view. One user can find calls with a specific filter, while the other cannot.

Root Cause: Multiple factors can cause this behavior, even when users have identical permission flags.

Troubleshooting Steps:

1. Check Per-User Timezone Setting: The timezone selector in the CDR view is user-specific and affects how date-based filters (e.g., "Today", "Last 7 Days") are translated into database queries.

• Navigate to the CDR List view.
• Compare the timezone setting in the top right corner for both users (see CDR Timezone Display Setting).
• If timezones differ, both users may be querying different time ranges despite using the same filter criteria.

2. Review User Restrictions: Check for per-user restrictions that filter which CDR data is visible.

1. Navigate to Users & Audit > Users.
2. Click edit user for the affected user.
3. Check the following tabs for restrictions:
   • Basic data tab - Review "Enable sensors" setting. Users with different sensor access will see different CDR data.
   • restrictions tab - Check if the user has IP address or other restrictions configured that filter CDR results.

3. Check Group Restrictions: If users are members of the same group, verify that both users are getting the expected restrictions.

1. Navigate to Users & Audit > Groups.
2. Edit the group and check the restrictions tab.
3. Ensure the group restrictions are appropriate for all users comparing results.

User Restrictions in Database

User restriction filters (configured in the GUI) are stored in the users table in the database. These filters control which CDR data users can view based on phone numbers, IP addresses, and other criteria.

Viewing User Restrictions

To view all user restriction filters configured in the system:

SELECT username, number FROM users;

The number column contains the user restriction filters as configured in the GUI.

Finding Specific Patterns in User Restrictions

To find user restrictions matching a specific pattern, use SQL LIKE queries:

-- Example: Find restrictions containing an asterisk character
SELECT username, number FROM users WHERE number LIKE '%\\\\*%';

Updating User Restrictions

You can update user restrictions directly via SQL:

UPDATE users SET number = '<your_filter_here>' WHERE username = 'username';

AI Summary for RAG

Summary: Guide to VoIPmonitor user management. Covers creating local users, LDAP/custom authentication integration (requires unique numeric ID per user), permission flags (can_cdr, can_play_audio, can_download_audio, can_pcap, can_reports_edit, can_alerts_edit, is_admin, etc.), sensor access restrictions (limit users to specific sensor IDs), IP-based access control (Secure users tab), CDR data restrictions (restrictions tab for filtering phone numbers, IP addresses, domains), AND vs OR logic between restrictions (default is AND, use OR condition checkbox at bottom of restrictions tab for OR logic), Microsoft Sign-In SSO integration (development feature), audit logging configuration, and user groups for permission templates. Troubleshooting includes IP restrictions, LDAP testing, groups restrictions tab for empty dashboard graphs, and admin password reset via database.

Keywords: user management, users, permissions, access control, LDAP, custom login, authentication, sensor restrictions, IP restrictions, CDR restrictions, restrictions tab, OR condition, AND logic, OR logic, boolean logic, user restrictions, IP domain restrictions, audit log, user groups, password reset, Microsoft Sign-In, SSO, can_cdr, can_pcap, is_admin, groups restrictions tab, restricted group, empty dashboard graphs, dashboard empty, graphs not showing, group IP restrictions, users table, number column, user restriction filters, database user management

Key Questions:

• How do I create a new user in VoIPmonitor?
• How do I restrict a user to specific sensors?
• How do I configure LDAP authentication for VoIPmonitor?
• What permissions are available for VoIPmonitor users?
• How do I reset the admin password in VoIPmonitor?
• How do I restrict user login by IP address?
• How do I enable audit logging for user actions?
• How do I set up user groups with shared permissions?
• Why can't a user log in to VoIPmonitor?
• How do I configure Microsoft Sign-In for VoIPmonitor users?
• Why are dashboard graphs empty for a restricted group user?
• How do I fix empty graphs for users in a restricted group?
• Where is the restrictions tab for user groups?
• How do I view user restriction filters in the database?
• Which table stores user restriction filters in VoIPmonitor?
• How do I find user restrictions containing specific patterns?
• How do I query the users table in VoIPmonitor database?
• How do I update user restrictions via SQL?
• What columns are in the users table for VoIPmonitor?
• How do I configure OR logic between user restrictions?
• How do I find the OR condition checkbox in the restrictions tab?
• What is the default logic between user restrictions?
• How do I restrict CDR data by IP address or domain for users?
• How do I use AND vs OR logic for user restrictions?