User Management
Who can log on to Dashboard Server?
There are two requirements for being able to log on to Dashboard Server:
The user needs to be a SCOM user. Any SCOM user (anyone with any role within SCOM) can access Dashboard Server with their windows credentials (see How to add a user to Dashboard Server).
The user needs to be on the list of Named Users. If they are not on the list and the list isn't full yet, they will automatically be put on the list when they try to log on for the first time. The number of users that can be put on the list is restricted by the number of licenses (Named Users) you have purchased from SquaredUp.
Yes, with Sharing Dashboards with anyone - Open Access.
The Open Access feature allows you to share your dashboards with anyone, even if they are not a licensed Dashboard Server user. It creates an Open Access version of the original dashboard that can be accessed via its own URL without the need to login. Open Access dashboards are perfect for embedding them in user portals like Sharepoint, pushing them to wall monitors or using them as high-level reports for managers.
Since there's no authentication needed, viewing Open Access dashboards does not consume Named User licenses which means you can share your dashboards with unlimited users.
Creating an Open Access version of your dashboard doesn't change anything about the original dashboard. The original version can still be accessed by logged in users.
Note that, when users access an Open Access dashboard it is unauthenticated, so Dashboard Server uses the application pool identity to access SCOM, and so the user's RBAC does not apply.
Team Folders are a form of access control for your dashboards. They enable you to deliver dashboards and delegate control to different teams within your organization (or to different clients if you are a service provider). You can customize which users see which dashboards, and choose to delegate authoring permissions to different users.
See Team Folders.
How do SCOM roles affect what users can do in Dashboard Server?
When Dashboard Server connects to SCOM, it does so using the end user's credentials. This means that all SCOM data in Dashboard Server is subject to SCOM's role-based access control (RBAC).
About Role-Based Access Control (RBAC)
How RBAC affects what users can see in Dashboard Server
A SCOM user accessing Dashboard Server will automatically be restricted to only what their SCOM permissions / RBAC allows them to see. This is true for everything within Dashboard Server, whether that's dashboards, performance reporting, individual objects and so on. For example, if a user views a dashboard of "All Windows Computers", the actual computers shown on the dashboard will be limited to those that the user's RBAC permissions allow them to view.
How RBAC affects what users can do in Dashboard Server
Actions in Dashboard Server are also subject to SCOM RBAC. The different SCOM roles have permissions as follows:
SCOM Role | Permissions in Dashboard Server |
Administrator | can edit, create and delete dashboards in Dashboard Server, manage alerts, manage maintenance mode and run tasks |
Author | can edit Company Knowledge |
Operator | can manage alerts, manage maintenance mode and run tasks |
Advanced Operator | have the same permissions as Operators |
Read Only Operator | can view data (including drilldown on dashboards), but cannot manage alerts, maintenance mode or run tasks |
This external article lists the SCOM roles and permissions.
Types of users in Dashboard Server
There are two types of users for Dashboard Server SCOM Edition:
Dashboard Server admin
Dashboard Server user
The SCOM role of a user defines if they are considered a Dashboard Server user or a Dashboard Server admin.
If a user has the SCOM role Administrator, they are a Dashboard Server admin. Any other role makes them a Dashboard Server user. What a Dashboard Server user can view and do in Dashboard Server depends on their SCOM RBAC permissions.
SCOM admins (who are automatically Dashboard Server admins) can carry out the following tasks in Dashboard Server:
Create, edit, and delete dashboards
Create and edit perspectives
Create or delete Team Folders
Add new PowerShell profiles and integrations (such as Web API, ServiceNow, Azure Application Insights, etc.)
Add or edit PowerShell, Web API, Azure Application Insights and Log Analytics tiles
Write SQL queries
Clone a dashboard in the Everyone pack. Team Folder authors can only clone a dashboard if they have author permissions to that folder, as it is first saved to that folder. They can then copy it to any other folder to which they also have author permissions.
Edit the global dashboard navigation structure
How to add a user to Dashboard Server
Since a user needs to be a SCOM user to have access to Dashboard Server, you need to add the user to SCOM to add them to Dashboard Server. The SCOM role you choose for the user defines their permissions in Dashboard Server.
In the Operations Manager (SCOM) console, click Administration (bottom left).
Expand Security and click on User Roles.
Right-click on the user role you wish to add your user to and click Properties.
Giving a user theAdministrator
role makes them a Dashboard Server admin. Giving them any other role makes them a Dashboard Server user.List of how SCOM roles affect user permissions in Dashboard ServerSCOM Role Permissions in Dashboard Server Administrator can edit, create and delete dashboards in Dashboard Server, manage alerts, manage maintenance mode and run tasks
Author can edit Company Knowledge Operator can manage alerts, manage maintenance mode and run tasks
Advanced Operator have the same permissions as Operators Read Only Operator can view data (including drilldown on dashboards), but cannot manage alerts, maintenance mode or run tasks Click the Add button.
Type the name of the user (or group) that you want to add.
Click OK, and OK again.
FAQ
Yes, with Sharing Dashboards with anyone - Open Access.
The Open Access feature allows you to share your dashboards with anyone, even if they are not a licensed Dashboard Server user. It creates an Open Access version of the original dashboard that can be accessed via its own URL without the need to login. Open Access dashboards are perfect for embedding them in user portals like Sharepoint, pushing them to wall monitors or using them as high-level reports for managers.
Since there's no authentication needed, viewing Open Access dashboards does not consume Named User licenses which means you can share your dashboards with unlimited users.
Creating an Open Access version of your dashboard doesn't change anything about the original dashboard. The original version can still be accessed by logged in users.
Note that, when users access an Open Access dashboard it is unauthenticated, so Dashboard Server uses the application pool identity to access SCOM, and so the user's RBAC does not apply.
Whilst any SCOM user can log on to Dashboard Server, the number of users is restricted by the number of licenses (Named Users) you have purchased from SquaredUp. If for example you have purchased 10 licenses, the first 10 users to log on will get entered as Named Users and will consume licenses accordingly.
While trialing Dashboard Server, the Trial license provides you with unlimited logons. However, the users must still be SCOM users in order to authenticate.
Named Users refers to the list of users who can log on to Dashboard Server. The number of Named Users is restricted by the number of Named User licenses you have purchased.
Team Folders are a form of access control for your dashboards. They enable you to deliver dashboards and delegate control to different teams within your organization (or to different clients if you are a service provider). You can customize which users see which dashboards, and choose to delegate authoring permissions to different users.
See Team Folders.
By default, only SCOM administrators are given permissions to manage dashboards in Dashboard Server. Team Folders (see Team Folders) allow you to provide different teams, or users, with the ability to create and customize their own dashboards.
A user can roam across devices, but cannot connect from more than one device simultaneously. A user can have Dashboard Server open in several browser tabs on the same device at the same time, but cannot access Dashboard Server from multiple different browsers at the same time.
If the same user logs in a second time elsewhere, the message There are no licenses available, or the license for this user is in use elsewhere will be displayed on the dashboards of the first session, because the Named User license for this user has been allocated to the second session.