User Management

From VoIPmonitor.org
Revision as of 20:02, 6 January 2026 by Admin (talk | contribs) (Add User Restrictions in Database section with SQL queries for users table)


User Management

This page covers user account administration in VoIPmonitor GUI, including creating users, assigning permissions, and configuring access controls.

Accessing User Management

Navigate to Users & Audit > Users in the GUI to manage user accounts.

User Types

Local Users

  • Default authentication method using VoIPmonitor's internal database.
  • Passwords are stored securely (hashed).
  • Created and managed directly in the GUI.

External Authentication (LDAP/Custom Login)

  • Integrate with LDAP/Active Directory using the custom login script.
  • See Custom Login (LDAP) for configuration details.
  • Important: The custom_login function must return a unique numeric id for each user.

Creating a New User

  1. Go to Users & Audit > Users.
  2. Click Add user.
  3. Fill in required fields:
    • Username - Login name (must be unique).
    • Password - Strong password recommended.
    • Email - For alerts and password recovery.
    • Group - Assign to a permission group.
  4. Configure permissions (see below).
  5. Click Save.

User Permissions

Permissions control what users can access and modify. Set permissions via:

  • User-level: Direct assignment on individual user.
  • Group-level: Inherited from assigned group (recommended for easier management).

Permission Flags

Permission Description
is_admin Full administrative access
can_cdr View CDR records
can_play_audio Play call recordings in GUI
can_download_audio Download audio files
can_listen_active_call Live call monitoring (ChunkPlayer)
can_pcap Download PCAP files
can_messages View SIP messages
can_graphs Access graphs and charts
can_livesniffer Live sniffer functionality
can_capture_rules Manage capture rules
can_reports_edit Create/edit reports
can_alerts_edit Create/edit alerts
can_dashboard View dashboards
can_ipacc IP accounting features
can_audit View audit logs
can_sensors_operations Sensor management

💡 Tip: Set is_admin to false and use group permissions for granular access control.

Sensor Access Restrictions

Restrict users to specific sensors:

  1. Edit user > Basic data tab.
  2. In Enable sensors, select allowed sensor IDs.
  3. Users will only see CDR from permitted sensors.

IP-Based Access Control

Restrict login to specific IP addresses:

  1. Edit user > Secure users tab.
  2. Enable Enable remote addresses.
  3. Add allowed IP addresses/ranges.

⚠️ Warning: If you lock yourself out, you must access the database directly to remove IP restrictions.

Microsoft Sign-In Integration

ℹ️ Note: This feature is currently in development and not available in stable releases.

For SSO with Microsoft Entra ID (Azure AD):

  1. Edit user > Secure users tab.
  2. Enter Microsoft Sign In emails to map the user.
  3. See Microsoft_Sign_in_usage for full setup instructions.

Audit Logging

Track user actions for compliance (GDPR, HIPAA):

  • GUI Audit: Enabled by default in Users & Audit > Audit.
  • File-based Audit: Configure AUDIT_LOG_FILE in configuration.php.
  • Per-user Audit Mode: Set Enable audit to auto or yes on individual users.

See Audit Log Configuration for details.

User Groups

Manage groups in Users & Audit > Groups:

  • Define permission templates for multiple users.
  • Assign users to groups for consistent access control.
  • Changes to group permissions apply to all members.

Troubleshooting

User Cannot Log In

  • Check IP restrictions in Secure users tab.
  • Verify username/password (case-sensitive).
  • Check if account is disabled.
  • For LDAP: Test connection with php scripts/custom_login.php.

Permission Changes Not Taking Effect

  • User must log out and log back in.
  • Clear browser cache if issues persist.
  • Verify group membership if using group permissions.

Dashboard Graphs Empty for Restricted Group Users

Symptom: A user assigned to a restricted group can access the VoIPmonitor GUI and load the Dashboard, but the graphs appear empty (no data points), whereas an unrestricted admin sees data correctly.

Root Cause: The user's group has IP address restrictions configured that prevent access to the required data sources. When a group is restricted to specific IP addresses, only CDR data matching those IPs are displayed in graphs and dashboards.

Solution:

  1. Navigate to Users & Audit > Groups.
  2. Edit the affected user group.
  3. Click the restrictions tab.
  4. Remove or adjust the IP address restrictions to allow access to the required data sources.
  5. Save the changes.
  6. Have the affected user refresh their browser to see updated data.

💡 Tip: To verify if restrictions are causing the issue, temporarily clear all restrictions in the group and check if graphs appear. If graphs show data after clearing restrictions, the IP restrictions were blocking access.

ℹ️ Note: Group-level IP restrictions are different from user-level IP restrictions. Group restrictions filter which CDR data the user can view, while user-level restrictions (in the Secure users tab) control which IP addresses can log in.

Forgot Admin Password

Reset password via database: 

UPDATE users SET password = MD5('newpassword') WHERE username = 'admin';

⚠️ Warning: This sets an MD5 hash. For better security, log in immediately and change the password through the GUI.

Different Search Results Between Users With Identical Permissions

Symptom: Two users with the same GUI permissions see different results when searching for calls in the CDR view. One user can find calls with a specific filter, while the other cannot.

Root Cause: Multiple factors can cause this behavior, even when users have identical permission flags.

Troubleshooting Steps:

1. Check Per-User Timezone Setting: The timezone selector in the CDR view is user-specific and affects how date-based filters (e.g., "Today", "Last 7 Days") are translated into database queries.

  • Navigate to the CDR List view.
  • Compare the timezone setting in the top right corner for both users (see CDR Timezone Display Setting).
  • If timezones differ, both users may be querying different time ranges despite using the same filter criteria.

2. Review User Restrictions: Check for per-user restrictions that filter which CDR data is visible.

  1. Navigate to Users & Audit > Users.
  2. Click edit user for the affected user.
  3. Check the following tabs for restrictions:
    • Basic data tab - Review "Enable sensors" setting. Users with different sensor access will see different CDR data.
    • restrictions tab - Check if the user has IP address or other restrictions configured that filter CDR results.

3. Check Group Restrictions: If users are members of the same group, verify that both users are getting the expected restrictions.

  1. Navigate to Users & Audit > Groups.
  2. Edit the group and check the restrictions tab.
  3. Ensure the group restrictions are appropriate for all users comparing results.

💡 Tip: The restrictions tab on users and groups controls which CDR data is filtered in queries. This is different from the Secure users tab, which only controls which IP addresses are allowed to log in.

User Restrictions in Database

User restriction filters (configured in the GUI) are stored in the users table in the database. These filters control which CDR data users can view based on phone numbers, IP addresses, and other criteria.

Viewing User Restrictions

To view all user restriction filters configured in the system: 

SELECT username, number FROM users;

The number column contains the user restriction filters as configured in the GUI.

Finding Specific Patterns in User Restrictions

To find user restrictions matching a specific pattern, use SQL LIKE queries: 

-- Example: Find restrictions containing an asterisk character
SELECT username, number FROM users WHERE number LIKE '%\\\\*%';

ℹ️ Note: SQL Escaping Note: When searching for special characters in the number column, backslashes must be properly escaped. In the example above, \\\\ represents a single literal backslash in the LIKE clause pattern. This is required because the backslash needs to be escaped for both the SQL string literal and the LIKE pattern.

Updating User Restrictions

You can update user restrictions directly via SQL: 

UPDATE users SET number = '<your_filter_here>' WHERE username = 'username';

⚠️ Warning: Direct database changes bypass GUI validation. Always test in a non-production environment first.

💡 Tip: After modifying user restrictions via SQL, users must log out and log back in for changes to take effect.

AI Summary for RAG

Summary: Guide to VoIPmonitor user management. Covers creating local users, LDAP/custom authentication integration (requires unique numeric ID per user), permission flags (can_cdr, can_play_audio, can_download_audio, can_pcap, can_reports_edit, can_alerts_edit, is_admin, etc.), sensor access restrictions (limit users to specific sensor IDs), IP-based access control (Secure users tab), Microsoft Sign-In SSO integration (development feature), audit logging configuration, and user groups for permission templates. Troubleshooting includes IP restrictions, LDAP testing, groups restrictions tab for empty dashboard graphs, and admin password reset via database.

Keywords: user management, users, permissions, access control, LDAP, custom login, authentication, sensor restrictions, IP restrictions, audit log, user groups, password reset, Microsoft Sign-In, SSO, can_cdr, can_pcap, is_admin, groups restrictions tab, restricted group, empty dashboard graphs, dashboard empty, graphs not showing, group IP restrictions, users table, user restrictions, number column, user restriction filters, database user management

Key Questions:

  • How do I create a new user in VoIPmonitor?
  • How do I restrict a user to specific sensors?
  • How do I configure LDAP authentication for VoIPmonitor?
  • What permissions are available for VoIPmonitor users?
  • How do I reset the admin password in VoIPmonitor?
  • How do I restrict user login by IP address?
  • How do I enable audit logging for user actions?
  • How do I set up user groups with shared permissions?
  • Why can't a user log in to VoIPmonitor?
  • How do I configure Microsoft Sign-In for VoIPmonitor users?
  • Why are dashboard graphs empty for a restricted group user?
  • How do I fix empty graphs for users in a restricted group?
  • Where is the restrictions tab for user groups?
  • How do I view user restriction filters in the database?
  • Which table stores user restriction filters in VoIPmonitor?
  • How do I find user restrictions containing specific patterns?
  • How do I query the users table in VoIPmonitor database?
  • How do I update user restrictions via SQL?
  • What columns are in the users table for VoIPmonitor?
Retrieved from "https://www.voipmonitor.org/doc/index.php?title=User_Management&oldid=9424"