Introduction to the System Administrator

The system administrator can configure system security policies, implement rights- and domain-based management, restrict IP addresses that can access UltraVR, implement real-time monitoring, and manage online administrators.

By default, UltraVR provides six user levels, namely, admin, administrator, operator, auditor, NBIRole, and SyncAdmin. Table 1 describes permissions of each user level.

**Table 1** Description of user permissions
User Role	Permission
admin	Default administrator admin provided by the system. User admin has permissions for all operations and can manage all resources and users, and it cannot be deleted.
administrator	Admin Role users. Have permissions for all UltraVR operations except for configuring the admin and Admin Role users.
operator	Operator Role users. Such users have the following permissions: View and refresh resources and all operation permissions of the sites All operation permissions of the protected groups All operation permissions of the recovery plan All operation permissions of monitoring View on-line administrators, view and configure the system performance, all operation permissions of data maintenance, view and export system operation logs, notify server all remote maintenance
auditor	Auditor Role users. Such users only have permissions to view operation logs dump, view and export system operation logs.
NBIRole	Users belonging to Third-Part System User Group. Such users only have permissions to view sites, protected group, view and execute recovery plan.
SyncAdmin	This role is used for the communication between two UltraVR servers, and cannot be used by a third-party system or to log in to UltraVR for system maintenance.

Rights- and domain-based management, IP address restriction, and accounts for the communication between the two UltraVR servers are implemented based on the configuration of administrators and administrator groups.

An administrator group is a set of operation permissions. You can allocate an administrator to an administrator group to make the administrator to inherit the operation permissions of the group.
The system provides default administrator admin. admin has all operation permissions and can manage all resources. Note that admin cannot be modified. You can create an administrator and select an administrator group and resources for this administrator to implement the rights- and domain-based management of UltraVR.
You can select the IP address segments that can access UltraVR for an administrator to restrict IP addresses that access UltraVR.
Default management user SyncAdmin provided by the system can be used for communication between two UltraVR servers.

The system security policy contains the password policy, session timeout threshold, maximum number of user connections, and login policy. The detailed information is as follows:

The password policy defines the minimum length and complexity of the passwords of the system administrators.
The session timeout threshold refers to the period when it is exceeded the session between the system administrator and UltraVR is interrupted. Any operations of the system administrator on the UltraVR interface will make the timeout threshold counting start from 0 again.
If the system administrator does not perform any operation within the timeout threshold after logging in to UltraVR, the current session is interrupted. If the system administrator needs to perform operations on UltraVR after the interruption, it needs to log in to UltraVR again.
The maximum number of user connections limit the number of sessions of users that log in to UltraVR concurrently. If the number of user sessions exceeds the upper limit, no more user can log in to UltraVR. This policy applies to man-machine accounts only, and is invalid for machine-machine accounts of the NBIRole role.
The login policy defines the lock period after a specific number of consecutive incorrect passwords are entered when the system administrator attempts to log in to UltraVR.