User Management

From VoIPmonitor.org
Revision as of 18:59, 6 January 2026 by Admin (talk | contribs) (Add troubleshooting for empty dashboard graphs in restricted groups)


User Management

This page covers user account administration in VoIPmonitor GUI, including creating users, assigning permissions, and configuring access controls.

Accessing User Management

Navigate to Users & Audit > Users in the GUI to manage user accounts.

User Types

Local Users

  • Default authentication method using VoIPmonitor's internal database.
  • Passwords are stored securely (hashed).
  • Created and managed directly in the GUI.

External Authentication (LDAP/Custom Login)

  • Integrate with LDAP/Active Directory using the custom login script.
  • See Custom Login (LDAP) for configuration details.
  • Important: The custom_login function must return a unique numeric id for each user.

Creating a New User

  1. Go to Users & Audit > Users.
  2. Click Add user.
  3. Fill in required fields:
    • Username - Login name (must be unique).
    • Password - Strong password recommended.
    • Email - For alerts and password recovery.
    • Group - Assign to a permission group.
  4. Configure permissions (see below).
  5. Click Save.

User Permissions

Permissions control what users can access and modify. Set permissions via:

  • User-level: Direct assignment on individual user.
  • Group-level: Inherited from assigned group (recommended for easier management).

Permission Flags

Permission Description
is_admin Full administrative access
can_cdr View CDR records
can_play_audio Play call recordings in GUI
can_download_audio Download audio files
can_listen_active_call Live call monitoring (ChunkPlayer)
can_pcap Download PCAP files
can_messages View SIP messages
can_graphs Access graphs and charts
can_livesniffer Live sniffer functionality
can_capture_rules Manage capture rules
can_reports_edit Create/edit reports
can_alerts_edit Create/edit alerts
can_dashboard View dashboards
can_ipacc IP accounting features
can_audit View audit logs
can_sensors_operations Sensor management

💡 Tip: Set is_admin to false and use group permissions for granular access control.

Sensor Access Restrictions

Restrict users to specific sensors:

  1. Edit user > Basic data tab.
  2. In Enable sensors, select allowed sensor IDs.
  3. Users will only see CDR from permitted sensors.

IP-Based Access Control

Restrict login to specific IP addresses:

  1. Edit user > Secure users tab.
  2. Enable Enable remote addresses.
  3. Add allowed IP addresses/ranges.

⚠️ Warning: If you lock yourself out, you must access the database directly to remove IP restrictions.

Microsoft Sign-In Integration

ℹ️ Note: This feature is currently in development and not available in stable releases.

For SSO with Microsoft Entra ID (Azure AD):

  1. Edit user > Secure users tab.
  2. Enter Microsoft Sign In emails to map the user.
  3. See Microsoft_Sign_in_usage for full setup instructions.

Audit Logging

Track user actions for compliance (GDPR, HIPAA):

  • GUI Audit: Enabled by default in Users & Audit > Audit.
  • File-based Audit: Configure AUDIT_LOG_FILE in configuration.php.
  • Per-user Audit Mode: Set Enable audit to auto or yes on individual users.

See Audit Log Configuration for details.

User Groups

Manage groups in Users & Audit > Groups:

  • Define permission templates for multiple users.
  • Assign users to groups for consistent access control.
  • Changes to group permissions apply to all members.

Troubleshooting

User Cannot Log In

  • Check IP restrictions in Secure users tab.
  • Verify username/password (case-sensitive).
  • Check if account is disabled.
  • For LDAP: Test connection with php scripts/custom_login.php.

Permission Changes Not Taking Effect

  • User must log out and log back in.
  • Clear browser cache if issues persist.
  • Verify group membership if using group permissions.

Dashboard Graphs Empty for Restricted Group Users

Symptom: A user assigned to a restricted group can access the VoIPmonitor GUI and load the Dashboard, but the graphs appear empty (no data points), whereas an unrestricted admin sees data correctly.

Root Cause: The user's group has IP address restrictions configured that prevent access to the required data sources. When a group is restricted to specific IP addresses, only CDR data matching those IPs are displayed in graphs and dashboards.

Solution:

  1. Navigate to Users & Audit > Groups.
  2. Edit the affected user group.
  3. Click the restrictions tab.
  4. Remove or adjust the IP address restrictions to allow access to the required data sources.
  5. Save the changes.
  6. Have the affected user refresh their browser to see updated data.

💡 Tip: To verify if restrictions are causing the issue, temporarily clear all restrictions in the group and check if graphs appear. If graphs show data after clearing restrictions, the IP restrictions were blocking access.

ℹ️ Note: Group-level IP restrictions are different from user-level IP restrictions. Group restrictions filter which CDR data the user can view, while user-level restrictions (in the Secure users tab) control which IP addresses can log in.

Forgot Admin Password

Reset password via database: 

UPDATE users SET password = MD5('newpassword') WHERE username = 'admin';

⚠️ Warning: This sets an MD5 hash. For better security, log in immediately and change the password through the GUI.

AI Summary for RAG

Summary: Guide to VoIPmonitor user management. Covers creating local users, LDAP/custom authentication integration (requires unique numeric ID per user), permission flags (can_cdr, can_play_audio, can_download_audio, can_pcap, can_reports_edit, can_alerts_edit, is_admin, etc.), sensor access restrictions (limit users to specific sensor IDs), IP-based access control (Secure users tab), Microsoft Sign-In SSO integration (development feature), audit logging configuration, and user groups for permission templates. Troubleshooting includes IP restrictions, LDAP testing, groups restrictions tab for empty dashboard graphs, and admin password reset via database.

Keywords: user management, users, permissions, access control, LDAP, custom login, authentication, sensor restrictions, IP restrictions, audit log, user groups, password reset, Microsoft Sign-In, SSO, can_cdr, can_pcap, is_admin, groups restrictions tab, restricted group, empty dashboard graphs, dashboard empty, graphs not showing, group IP restrictions

Key Questions:

  • How do I create a new user in VoIPmonitor?
  • How do I restrict a user to specific sensors?
  • How do I configure LDAP authentication for VoIPmonitor?
  • What permissions are available for VoIPmonitor users?
  • How do I reset the admin password in VoIPmonitor?
  • How do I restrict user login by IP address?
  • How do I enable audit logging for user actions?
  • How do I set up user groups with shared permissions?
  • Why can't a user log in to VoIPmonitor?
  • How do I configure Microsoft Sign-In for VoIPmonitor users?
  • Why are dashboard graphs empty for a restricted group user?
  • How do I fix empty graphs for users in a restricted group?
  • Where is the restrictions tab for user groups?
Retrieved from "https://www.voipmonitor.org/doc/index.php?title=User_Management&oldid=9241"