User Management

This page covers user account administration in VoIPmonitor GUI, including creating users, assigning permissions, and configuring access controls.

Accessing User Management

Navigate to Users & Audit > Users in the GUI to manage user accounts.

User Types

Local Users

• Default authentication method using VoIPmonitor's internal database.
• Passwords are stored securely (hashed).
• Created and managed directly in the GUI.

External Authentication (LDAP/Custom Login)

• Integrate with LDAP/Active Directory using the custom login script.
• See Custom Login (LDAP) for configuration details.
• Important: The custom_login function must return a unique numeric id for each user.

Creating a New User

1. Go to Users & Audit > Users.
2. Click Add user.
3. Fill in required fields:
   • Username - Login name (must be unique).
   • Password - Strong password recommended.
   • Email - For alerts and password recovery.
   • Group - Assign to a permission group.
4. Configure permissions (see below).
5. Click Save.

User Permissions

Permissions control what users can access and modify. Set permissions via:

• User-level: Direct assignment on individual user.
• Group-level: Inherited from assigned group (recommended for easier management).

Permission Flags

Upgrade Permissions

By design, only users assigned the is_admin role can perform upgrades:

• GUI upgrades: Upgrade the web interface via Settings > System > Upgrade
• Sensor upgrades: Upgrade sensor/sniffer via Settings > Sensors
• Auto-upgrade controls: Enable or disable automatic upgrades

Sensor Access Restrictions

Restrict users to specific sensors:

1. Edit user > Basic data tab.
2. In Enable sensors, select allowed sensor IDs.
3. Users will only see CDR from permitted sensors.

IP-Based Access Control

Restrict login to specific IP addresses:

1. Edit user > Secure users tab.
2. Enable Enable remote addresses.
3. Add allowed IP addresses/ranges.

CDR Data Restrictions

Restrict which CDR data users can view based on phone numbers, IP addresses, domains, and other criteria. These restrictions apply to both individual users and user groups.

Configuring Restrictions

1. Edit user or group > Click the restrictions tab.
2. Add filter criteria (e.g., phone numbers, IP addresses, domains).
3. Configure the boolean logic between restrictions (see below).

AND vs OR Logic Between Restrictions

By default, the system uses AND logic between all restrictions in the filter. This means a CDR record must match ALL conditions to be displayed to the user.

To use OR logic instead:

1. Navigate to the restrictions tab when editing a user or group.
2. Scroll to the bottom of the tab.
3. Check the OR condition checkbox.
4. Save your changes.

With OR logic enabled, a CDR record is displayed if it matches ANY of the configured restrictions.

Microsoft Sign-In Integration

For SSO with Microsoft Entra ID (Azure AD):

1. Edit user > Secure users tab.
2. Enter Microsoft Sign In emails to map the user.
3. See Microsoft_Sign_in_usage for full setup instructions.

Audit Logging

Track user actions for compliance (GDPR, HIPAA):

• GUI Audit: Enabled by default in Users & Audit > Audit.
• File-based Audit: Configure AUDIT_LOG_FILE in configuration.php.
• Per-user Audit Mode: Set Enable audit to auto or yes on individual users.

User Groups

Manage groups in Users & Audit > Groups:

• Define permission templates for multiple users.
• Assign users to groups for consistent access control.
• Changes to group permissions apply to all members.

Troubleshooting

User Cannot Log In

• Check IP restrictions in Secure users tab.
• Verify username/password (case-sensitive).
• Check if account is disabled.
• For LDAP: Test connection with php scripts/custom_login.php.

Permission Changes Not Taking Effect

• User must log out and log back in.
• Clear browser cache if issues persist.
• Verify group membership if using group permissions.

Dashboard Graphs Empty for Restricted Group Users

Symptom: A user assigned to a restricted group can access the VoIPmonitor GUI and load the Dashboard, but the graphs appear empty (no data points), whereas an unrestricted admin sees data correctly.

Root Cause: The user's group has IP address restrictions configured that prevent access to the required data sources. When a group is restricted to specific IP addresses, only CDR data matching those IPs are displayed in graphs and dashboards.

Solution:

1. Navigate to Users & Audit > Groups.
2. Edit the affected user group.
3. Click the restrictions tab.
4. Remove or adjust the IP address restrictions to allow access to the required data sources.
5. Save the changes.
6. Have the affected user refresh their browser to see updated data.

Forgot Admin Password

Reset password via database:

UPDATE users SET password = MD5('newpassword') WHERE username = 'admin';

Different Search Results Between Users With Identical Permissions

Symptom: Two users with the same GUI permissions see different results when searching for calls in the CDR view. One user can find calls with a specific filter, while the other cannot.

Root Cause: Multiple factors can cause this behavior, even when users have identical permission flags.

Troubleshooting Steps:

1. Check Per-User Timezone Setting: The timezone selector in the CDR view is user-specific and affects how date-based filters (e.g., "Today", "Last 7 Days") are translated into database queries.

• Navigate to the CDR List view.
• Compare the timezone setting in the top right corner for both users (see CDR Timezone Display Setting).
• If timezones differ, both users may be querying different time ranges despite using the same filter criteria.

2. Review User Restrictions: Check for per-user restrictions that filter which CDR data is visible.

1. Navigate to Users & Audit > Users.
2. Click edit user for the affected user.
3. Check the following tabs for restrictions:
   • Basic data tab - Review "Enable sensors" setting. Users with different sensor access will see different CDR data.
   • restrictions tab - Check if the user has IP address or other restrictions configured that filter CDR results.

3. Check Group Restrictions: If users are members of the same group, verify that both users are getting the expected restrictions.

1. Navigate to Users & Audit > Groups.
2. Edit the group and check the restrictions tab.
3. Ensure the group restrictions are appropriate for all users comparing results.

User Cannot Search by Call ID in the CDR View

Symptom: A user reports that they cannot search for calls using the "Call ID" field in the CDR view. The Call ID filter field may be missing or searches return no results.

Root Cause: The user is missing the can_cdr permission, which grants access to the CDR view and the filter form for searching by Call-ID and other SIP details.

Solution:

1. Log in to the VoIPmonitor GUI as an Administrator.
2. Navigate to Users & Audit > Users.
3. Click edit user for the affected user.
4. Enable the Allow to view CDR checkbox (this sets the can_cdr permission to true).
5. Click Save.
6. Have the affected user log out and log back in for the permission change to take effect.

User Restrictions in Database

User restriction filters (configured in the GUI) are stored in the users table in the database. These filters control which CDR data users can view based on phone numbers, IP addresses, and other criteria.

Viewing User Restrictions

To view all user restriction filters configured in the system:

SELECT username, number FROM users;

The number column contains the user restriction filters as configured in the GUI.

Finding Specific Patterns in User Restrictions

To find user restrictions matching a specific pattern, use SQL LIKE queries:

-- Example: Find restrictions containing an asterisk character
SELECT username, number FROM users WHERE number LIKE '%\\\\*%';

Updating User Restrictions

You can update user restrictions directly via SQL:

UPDATE users SET number = '<your_filter_here>' WHERE username = 'username';

See Also

• Custom Login (LDAP)
• Microsoft Sign-In Integration
• Google Sign-In Integration
• REMOTE_USER / Shibboleth SSO
• CDR View Documentation

AI Summary for RAG

Summary: Guide to VoIPmonitor user management covering local users and LDAP/custom authentication (requires unique numeric ID per user), permission flags (can_cdr, can_play_audio, can_pcap, is_admin, etc.), upgrade permissions (only is_admin role users can perform GUI/sensor upgrades via web interface, no option to hide upgrade menu for admin users), sensor access restrictions, IP-based login control (Secure users tab), CDR data restrictions (restrictions tab with AND/OR logic), Microsoft Sign-In SSO (development), audit logging, and user groups. Troubleshooting covers IP restrictions, empty dashboard graphs for restricted groups, can_cdr permission for Call ID search, and admin password reset via database.

Keywords: user management, permissions, access control, LDAP, custom login, sensor restrictions, IP restrictions, CDR restrictions, restrictions tab, OR condition, AND logic, audit log, user groups, password reset, Microsoft Sign-In, SSO, can_cdr, is_admin, empty dashboard graphs, group restrictions, users table, Call ID search, upgrade permissions, admin upgrade, GUI upgrade, sensor upgrade, upgrade menu, command line upgrade

Key Questions:

• How do I create a new user in VoIPmonitor?
• How do I restrict a user to specific sensors?
• How do I configure LDAP authentication for VoIPmonitor?
• What permissions are available for VoIPmonitor users?
• How do I reset the admin password in VoIPmonitor?
• How do I restrict user login by IP address?
• How do I set up user groups with shared permissions?
• Why are dashboard graphs empty for a restricted group user?
• How do I configure OR logic between user restrictions?
• Why can't a user search by Call ID in the CDR view?
• What permission is required for CDR view access?
• Who can perform upgrades in the VoIPmonitor GUI?
• How do I restrict upgrade permissions in the web interface?
• Is there a way to hide the upgrade menu for admin users?