Users & Roles
Under Users, you manage all administrator accounts for the management UI. Only admin_full accounts may manage users.
Roles
nmg has three roles with different permissions:
| Role | Description |
|---|---|
| admin_full | Full access to all settings and user management |
| admin | Full access to all settings, but no user management |
| training_operator | Access to the training page only; mails are masked, unmasking possible with audit entry |
Creating a User
Click + Add User (visible to admin_full only):
| Field | Description |
|---|---|
| Login address (username) | |
| Password | Minimum 12 characters |
| Role | admin_full, admin, or training_operator |
User Table
| Column | Description |
|---|---|
| Login address | |
| Role | Assigned role |
| Active | Whether the account is active |
| 2FA | Whether TOTP two-factor authentication is enabled |
| Last Login | Timestamp of last login |
| Last IP | IP address at last login |
Editing a User
Role and active status can be changed at any time. The last active admin_full account cannot be deleted or deactivated.
Password Reset
- Admin resets password: Set a temporary password via the edit dialog
- Self-reset: Use the Forgot Password link on the login page; a reset link is sent by email (requires a configured SMTP relay)
Two-Factor Authentication (TOTP)
Every user can set up a TOTP authenticator (e.g. Google Authenticator, Bitwarden, 1Password) under My Account. After setup, a 6-digit code is required at login in addition to the password.
Admins can see in the user table whether TOTP is active for an account. The TOTP secret of another user is not visible; if it is lost, the account must be reset.
API Keys
Under Settings → API Keys (or under My Account), API keys for programmatic access can be created.
| Field | Description |
|---|---|
| Name | Label (e.g. monitoring, integration) |
| Key | Shown once — store securely |
| Created At | Creation date |
| Last Used | Timestamp of last API call |
API keys are sent in the HTTP header Authorization: Bearer <key>.
Audit Log
All administrative actions are logged in the Audit Log — immutable and aggregated cluster-wide.
| Column | Description |
|---|---|
| Time | Action timestamp |
| User | Admin account that triggered it |
| Node | Cluster node where the action was performed |
| Action | Type of change (e.g. domain.create, mailconfig.update, training.reveal) |
| Subject | Affected object (e.g. domain name) |
| Details | Changed fields and new values |
| IP | Browser IP address of the admin |
The audit log is read-only and cannot be deleted. Unmask actions by training_operator users always appear in the audit log.
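A periodic review of these entries can be scripted. The following is an added example, not part of nmg: it assumes the audit rows have been copied into CSV using the column names above with ISO 8601 timestamps (the page does not describe an export format), counts training.reveal actions per user, and flags actions coming from an IP address not previously seen for that account.

```python
import csv
import io
from collections import defaultdict

# Constructed sample rows. The CSV layout and timestamp format are assumptions;
# only the column names and action names come from the documentation above.
SAMPLE = """Time,User,Node,Action,Subject,Details,IP
2024-05-01T08:00:00,alice@example.org,node1,domain.create,example.org,,192.0.2.10
2024-05-01T09:15:00,trainer@example.org,node1,training.reveal,msg-1,,192.0.2.20
2024-05-01T09:16:00,trainer@example.org,node2,training.reveal,msg-2,,192.0.2.20
2024-05-01T09:17:00,trainer@example.org,node1,training.reveal,msg-3,,198.51.100.7
2024-05-02T10:00:00,alice@example.org,node1,mailconfig.update,example.org,,192.0.2.10
"""


def review(csv_text, reveal_limit=2):
    """Return (reveal_counts, heavy_unmaskers, new_ip_events).

    reveal_limit is a hypothetical review threshold, not an nmg setting.
    """
    # ISO 8601 timestamps sort correctly as plain strings.
    rows = sorted(csv.DictReader(io.StringIO(csv_text)), key=lambda r: r["Time"])
    reveals = defaultdict(int)
    seen_ips = defaultdict(set)
    new_ip_events = []
    for row in rows:
        user, ip = row["User"], row["IP"]
        if row["Action"] == "training.reveal":
            reveals[user] += 1
        # The first IP seen for a user is the baseline; later unseen IPs are flagged.
        if seen_ips[user] and ip not in seen_ips[user]:
            new_ip_events.append((row["Time"], user, row["Action"], ip))
        seen_ips[user].add(ip)
    heavy = sorted(u for u, n in reveals.items() if n > reveal_limit)
    return dict(reveals), heavy, new_ip_events


if __name__ == "__main__":
    counts, heavy, new_ips = review(SAMPLE)
    print("Unmask actions per user:", counts)
    print("Users above the review threshold:", heavy)
    for event in new_ips:
        print("Action from a new IP:", event)
```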
My Account
Under My Account, every user can:
- Change their own password
- Set up or disable TOTP
- Manage their own API keys