How can I add users and limit what they can do?

bkutz
bkutz
  • Updated

This guide covers adding users to a dashboard and assigning them a custom role or permission to limit what they can do.

Managing a cryptocurrency mining farm is rarely a task for a single person. Keeping devices online and hashing is critical to maintaining profitability, and depending on the operation's size and structure, operators must work together to address problems as they arise.

Sharing Access

Foreman allows a mining operator to share access to their dashboard to promote collaboration.  This allows for multiple operators to:

  • Monitor cryptocurrency miner hash rates.
  • Get instant notifications when issues arise and take prompt action.
  • Remotely manage and configure ASICs.
  • Observe pool metrics to identify connectivity issues.
  • Monitor temperature trends to keep things cool.
  • Track profitability without disclosing wallet addresses.

Roles

Users can be assigned to roles with pre-set account permissions to restrict what actions an operator may perform.  Initially, there are two:

  • Owner: The owner of the farm in Foreman. This role is permanent and can't be removed.
  • Admin: This role grants full access to the farm. This role can remove and invite other users but can't remove the Owner.

You can also create custom roles and permissions to limit who can do what. Having roles created for common jobs like site technician allows for easy onboarding of new employees.

Here are a few typical ways in which these permissions are utilized, but keep in mind that they can be extensively personalized to suit your specific requirements:

  • Grant operators access to monitor the mining farm without allowing them to make changes to the mining pools.
  • Allow financial investors to view the Profit Report while keeping them from interacting with the miners.
  • Grant users the ability to restart cryptocurrency mining devices without providing access to daily earnings information.
Screenshot 2023-08-17 151917

Adding Users

To add a user to the farm, send them an invite from the 'Users' page within Foreman:

Within a minute, they'll receive an email where they can accept the invitation. They'll be directed to make one if they still need an account.

Invitations are only valid for 24 hours. If they fail to accept it before then, they must be re-invited. Also, invitations are tied to the recipient's email address; they cannot be accepted by a Foreman account registered to a different email.

You'll know when they've accepted your invite when their status changes from pending:

Users on an account.

Once your invitee has accepted their invitation, you can go ahead and assign them a role via the 'Actions' button attached to their name.

Removing Users

Similar to how users can be added to a farm, they can also be removed. To revoke access, click the trash can icon next to their email address (see above).

Curious About What Each Permission Does?

Add Miners

This permission controls who can add miners to Foreman, limiting usage of the 'Add Miner' button and bulk importing. For a colocation/miner hosting facility, it's recommended that this permission only be added to Administrators to prevent customers from adding neighboring miners in the same subnet.

Assign Miner Static IPs

This permission controls who can perform the manual or bulk 'Network' action to pivot a miner from DHCP to static IPs.

Blink LEDs

This permission controls who can perform the manual or bulk 'Blink LEDs' action, which causes a miner's LEDs to flash for up to 20 minutes (configurable).

Change Cooling Mode

This permission controls who can change miner cooling modes (air, immersion, etc).  These actions can only be performed against miners running custom firmware.

Change Miner Passwords

This permission controls who can change miner management console passwords (the password used to access the manufacturer-provided ASIC management page).

Change Overclock

This permission controls who can change miner performance profiles outside of "normal" and "sleeping."  A performance profile considered an "overclock" falls into anything that's not how the miner is running by default.

Change Pools

This permission controls who is allowed to change the miner's pools. This permission is recommended only to be given to trusted individuals to prevent a malicious insider from changing worker names and stealing hashrate.

Change Power Mode

This permission controls who can change the miner's power mode (sleeping vs. mining).

Edit Company Settings

This permission controls who can edit the Company Settings.  Users with this permission can add/remove users and manage their permissions.  Additionally, this permission controls who can modify MiningRigRentals and Pool API keys.

Edit Dashboard Pages

This permission controls who can enter the Page Builder and modify the dashboard by adding, removing, resizing, and repositioning blocks.

Edit Miners

This permission controls who can edit the Foreman-specific miner settings (tags, expected hash rate, temperature, fan speed ranges, current power draw, etc.).  Users with this permission can also view the miner's current management password.

The miner settings.

Edit Site Map

This permission controls who can edit the Foreman Site Map (add/remove miners, add/remove groups and racks, change miner placements).

Edit Triggers

This permission controls who can view and modify the automated, miner-based triggers established in Foreman.

Factory Reset Miners

This permission controls who can perform a factory reset of a miner, which also does an initial pool assignment.  This permission is recommended only to be given to trusted individuals to prevent a malicious insider from changing worker names and stealing hashrate.

Mining Pool Manager

Users with this permission checked will be able to approve pool change requests for your organization. We recommend restricting this permission to management-level accounts who are responsible for the mining operation.

Power Control

This permission controls who can view, create, and run power curtailment plans. This permission is recommended only to individuals tasked with putting miners to sleep during critical load-shedding events.

Setup Reports

This permission controls who can configure Reports on another user's behalf. This allows users to add Foreman and non-Foreman users to automated report emails.

Sub-Client Admin

Optional permission is only available for Foreman-registered consultants and colocation/miner hosting facilities. This controls who can access sub-dashboards associated with the account. Example: an operator working at My Consultant Company may only have permission to manage miners from the global parent dashboard, but they may not be a Sub-Client Admin, which prevents them from accessing the customer's sub-dashboard and making changes there.

View Audit Logs

This permission controls who can view system-level audit logs across the entire account.  It must be granted with Edit Company Settings, the page where the Audit Log can be accessed.  The system-level Audit Log lets users see what actions were performed, by the user, over time.

View Financials

This permission allows users to access financial-related information in Foreman. Users with this permission can view financial statistic blocks and access the Earnings page to track their earnings.

View Security

This permission determines who has access to the Security page, including all the miner passwords currently configured and the assessment of security risks associated with the account. It is advisable to grant this permission only to individuals who are trusted and authorized to handle sensitive information.

View Triggers

This permission controls who can view the Security page, which contains all currently configured triggers (automation) enabled by users on the Client.

View Worker Names

This permission controls who can view the Workers page in Foreman, which contains an index of all active and configured miner worker names and accounts.

Was this article helpful?

0 out of 0 found this helpful

Have more questions? Submit a request

Comments

0 comments

Article is closed for comments.